GitLab Advisory Database
added 2026/05/06 12:00 a.m., 5 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00344
Exploits: 1 | References: 4 | Affected software: 1
Cvelist
added 2026/05/04 8:13 p.m., 27 views

CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

CVSS: 9 | EPSS: 0.00344
Exploits: 1 | References: 2
Snyk
added 2025/12/09 5:42 p.m., 1 view

Improper Protection for Out of Bounds Signal Level Alerts

Overview: @nocobase/auth is a ... Affected versions of this package are vulnerable to Improper Protection for Out of Bounds Signal Level Alerts via the official one-click Docker deployment configuration, in which a public default JWT key was historically provided. An attacker can gain unauthorized access to...

CVSS: 6.3 | AI score: 6.9 | EPSS: 0.0005
Exploits: 0 | References: 2
OSV
added 2025/12/09 5:42 p.m., 1 view

GHSA-MV7P-34FV-4874 Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...

CVSS: 6.3 | AI score: 7.2 | EPSS: 0.0005
Exploits: 0 | References: 14
CVE
added 2025/09/29 8:38 p.m., 13 views

CVE-2025-34207

Vasion Print (Virtual Appliance Host and Application) before versions 22.0.1049 and 20.0.2786 respectively use insecure SSH client settings in Docker: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. This disables host key verification and forwards the SSH agent, enab...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00147
Exploits: 0 | References: 4 | Affected software: 2
CNNVD
added 2025/07/23 12:00 a.m., 1 view

D2iQ DC/OS Marathon Security Vulnerability

D2iQ DC/OS Marathon is a native task scheduler from US-based D2iQ. A security vulnerability exists in D2iQ DC/OS Marathon versions prior to 1.9.0, which stems from an insufficient restriction on volume mount configurations that could lead to arbitrary Docker container deployments...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.72962
Exploits: 0 | References: 6
The Hacker News
added 2024/06/24 1:52 p.m., 55 views

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...

CVSS: 10 | AI score: 8.1 | EPSS: 0.93667
Exploits: 4