931 matches found
Exploit for Improper Input Validation in Postgresql
CVE-2018-1058 — PostgreSQL Search Path Demonstration This rep...
CVE-2026-42461
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...
CVE-2026-39882 affecting package docker-compose for versions less than 2.27.0-9
CVE-2026-39882 affecting package docker-compose for versions less than 2.27.0-9. A patched version of the package is available...
CVE-2026-42461
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...
EUVD-2026-28897
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...
CVE-2026-42461 Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...
CVE-2026-42461 Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full...
arcane 安全漏洞
Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from four GET endpoints under/api/templates, which did not have security requirements set up. This could allow any...
CVE-2026-41930
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
vulnerability-lab
🔐 Vulnerability Lab Buffer Overflow + SQLi ⚠️ FOR EDUCATI...
aerobi-poc
Aerobi POC — Simulação local de monitoramento de câmeras Labo...
CVE-2026-41930
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
CVE-2026-41930
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
CVE-2026-41930
Vvveb
Vvveb 访问控制错误漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained an access control vulnerability. This vulnerability stemmed from hard-coded credentials in the...
PT-2026-38219
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description A hard-coded credentials issue exists in the docker-compose-apache.yaml configuration. This allows unauthenticated attackers to access the bundled phpMyAdmin container using pre-configured database...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipu3-imgu: A NULL pointer dereferencing occurred in imgusubdevsetselection. Calling v4l2subdevgettrycrop and v4l2subdevgettrycompose with a subdev state of NULL leads to a NULL pointer dereferencing. This issue can occur in...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose-height boundary issue Syzkaller identified a bug: BUG: Unable to handle page faults for address: ffffc9000a3b1000 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-present page PGD...
Astra Linux – Vulnerability in docker.io-app
Docker Compose relies on the path information embedded in remote OCI Compose artifacts. When a layer includes the annotations com.dockercompose.extends or com.dockercompose.envfile, Compose incorporates the value provided by the attacker from com.dockercompose.file/com.dockercompose.envfile into...