GHSA-M4GQ-FM9H-8Q75 vulnerabilities

Vulnerabilities for packages: docker-compose-fips, kubescape, docker-compose...

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

...

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

...

CVE-2025-22869 affecting package docker-compose for versions less than 2.27.0-4

CVE-2025-22869 affecting package docker-compose for versions less than 2.27.0-4. A patched version of the package is available...

CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4

CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4. A patched version of the package is available...

Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop

...

CVE-2025-22869 affecting package moby-compose for versions less than 2.17.3-10

CVE-2025-22869 affecting package moby-compose for versions less than 2.17.3-10. A patched version of the package is available...

CVE-2025-27615

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...

CVE-2025-27615 umatiGateway's UI publicly accessible in provided docker-compose file

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...

CVE-2025-27615 umatiGateway's UI publicly accessible in provided docker-compose file

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit...

AZL-57374 CVE-2025-22869 affecting package docker-compose for versions less than 2.27.0-4

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

AZL-57434 CVE-2025-22869 affecting package moby-compose for versions less than 2.17.3-10

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: wgcf, runc, prometheus-alertmanager, mkcert, docker-credential-ecr-login, kwok, q, kubernetes-ingress-defaultbackend, step, go-bindata, pombump, kube-bench, aws-efs-csi-driver, direnv, sonobuoy, wave, wireguard-go, tekton-chains, kubernetes-dashboard, k9s, tempo,...

CVE-2025-23525

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard allows Reflected XSS. This issue affects Kv Compose Email From Dashboard: from n/a through 1.1...

CVE-2025-23525

CVE-2025-23525 is a reflected cross-site scripting vulnerability in the WordPress plugin Kv Compose Email From Dashboard (Kv Send Email From Admin) with affected versions up to 1.1. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sour...

CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

PT-2025-6986 · Unknown · Kv Compose Email From Dashboard

Name of the Vulnerable Software and Affected Versions: Kv Compose Email From Dashboard versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...

Zertificon Z1 SecureMail 安全漏洞

Zertificon Z1 SecureMail is an email encryption and signature for businesses from Zertificon, Germany. A security vulnerability exists in Zertificon Z1 SecureMail version 4.44.2-7240-debian12, which originates from the ability to obtain sensitive information via the /compose-pdf.xhtml?convid=id...

Azure Linux 3.0 Security Update: cert-manager / helm / moby-cli / moby-compose / moby-engine (CVE-2023-2253)

The version of cert-manager / helm / moby-cli / moby-compose / moby-engine installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2253 advisory. - A flaw was found in the /v2/catalog endpoint in...