935 matches found

OSV
added 2026/03/26 8:16 p.m., 5 views

DEBIAN-CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 5.7, EPSS 0.00469
Exploits: 1, References: 1
UbuntuCve
added 2026/03/26 8:16 p.m., 5 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 5.9, EPSS 0.00469
Exploits: 1, References: 5
OSV
added 2026/03/26 8:16 p.m., 5 views

UBUNTU-CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 6, EPSS 0.00469
Exploits: 1, References: 6
Cvelist
added 2026/03/26 7:49 p.m., 21 views

CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, EPSS 0.00469
Exploits: 1, References: 4
Vulnrichment
added 2026/03/26 7:49 p.m., 3 views

CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 6.2, EPSS 0.00469
Exploits: 1, References: 4
ATTACKERKB
added 2026/03/26 7:49 p.m., 3 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 6.1, EPSS 0.00469
Exploits: 1, References: 5, Affected Software: 1
CVE
added 2026/03/26 7:49 p.m., 37 views

CVE-2026-33532

Summary: CVE-2026-33532 affects the yaml JavaScript library. The vulnerability is in the compose/resolve phase of the parser, where a recursive call path without a depth bound can cause a RangeError: Maximum call stack size exceeded when parsing YAML input (typical payload ~2–10 KB). This can lea...

CVSS 4.3, AI score 6.1, EPSS 0.00469
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/03/26 9:12 a.m., 2 views

SUSE-SU-2026:20871-1 Security update for docker-compose

This update for docker-compose fixes the following issue: - CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files bsc1252752...

CVSS 8.9, AI score 7.4, EPSS 0.13663
Exploits: 0, References: 3
Positive Technologies
added 2026/03/25 12:00 a.m., 7 views

PT-2026-28167

Name of the Vulnerable Software and Affected Versions: yaml versions prior to 1.10.3; yaml versions prior to 2.8.3. Description: The yaml library is susceptible to a stack overflow when parsing YAML documents. The issue occurs during the node resolution/composition phase, which uses recursive functio...

CVSS 4.3, AI score 6, EPSS 0.00469
Exploits: 1, References: 31
OSV
added 2026/03/24 10:21 p.m., 5 views

MAL-2026-2145 Malicious code in compose-rl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7bb3250324aea46c0121883650a393aeee3569ba3a3a8f202530bdc523a5735 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0, References: 1
GitHub Security Blog
added 2026/03/18 1:00 p.m., 15 views

Heimdall: Path received via Envoy gRPC corrupted when containing query string

Summary: When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. The HTTP based decision API is NOT affected, and proxy mode is NOT affected either. Note: The issue can only lead to unintended acces...

CVSS 8.2, AI score 5.7, EPSS 0.003
Exploits: 1, References: 6, Affected Software: 1
CBLMariner
added 2026/03/10 10:56 p.m., 4 views

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00357
Exploits: 0
CBLMariner
added 2026/03/10 10:56 p.m., 3 views

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00482
Exploits: 1
CBLMariner
added 2026/03/10 10:56 p.m., 3 views

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00502
Exploits: 0
CBLMariner
added 2026/03/09 2:32 p.m., 3 views

CVE-2025-11065 affecting package moby-compose for versions less than 2.17.3-14

CVE-2025-11065 affecting package moby-compose for versions less than 2.17.3-14. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00357
Exploits: 0
OSV
added 2026/03/06 11:34 a.m., 2 views

SUSE-SU-2026:20656-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

CVSS 8.9, AI score 6.8, EPSS 0.13663
Exploits: 1, References: 7
OSV
added 2026/03/05 1:22 a.m., 3 views

GHSA-XXPW-32HF-Q8V9 AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary: The official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

CVSS 8.1, AI score 6.1, EPSS 0.0049
Exploits: 1, References: 4
GitHub Security Blog
added 2026/03/05 1:22 a.m., 6 views

AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary: The official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

CVSS 9.8, AI score 6.1, EPSS 0.0049
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2026/03/05 12:00 a.m., 5 views

PT-2026-23437

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 24.0. Description: The AVideo application's official docker-compose.yml file publishes the memcached service on host port 11211 (0.0.0.0:11211) without authentication. The Dockerfile configures PHP to store all user sessio...

CVSS 9.8, AI score 6, EPSS 0.0049
Exploits: 1, References: 12
NVD
added 2026/03/04 5:16 p.m., 6 views

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a...

CVSS 8, EPSS 0.0043
Exploits: 0, References: 3