ThingsBoard 代码注入漏洞

ThingsBoard is a Java-based platform developed by the ThingsBoard team, used for monitoring, managing, and data collection of IoT devices. Versions of ThingsBoard 4.3.1.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the...

PT-2026-41141

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer supports deploying stacks from Git repositories...

CVE-2026-25116 Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

PT-2026-5367

Name of the Vulnerable Software and Affected Versions Runtipi versions 4.5.0 through 4.7.1 Description Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal vulnerability exists in the UserConfigController. This allows a remote user to overwrite the system's...

CVE-2025-56157

Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...

PT-2025-52280

Name of the Vulnerable Software and Affected Versions Dify versions through 1.5.1 Description The software contains default credentials. Specifically, the PostgreSQL username and password are specified in the docker-compose.yaml file included in the source code. Recommendations Versions prior to...

CVE-2025-14651 MartialBE one-hub docker-compose.yml hard-coded key

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...

CVE-2025-14651 MartialBE one-hub docker-compose.yml hard-coded key

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...

CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

PT-2025-48812

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-55740

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

CVE-2025-55740 Default Credentials in nginx-defender Configuration Files

nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...

Shomon - Shodan Monitoring Integration For TheHive

ShoMon is a Shodan alert feeder for TheHive written in GoLang. With version 2.0, it is more powerful than ever! Functionalities Can be used as Webhook OR Stream listener Webhook listener opens a restful API endpoint for Shodan to send alerts. This means you need to make this endpoint available to...

Docker-Tester 操作系统命令注入漏洞

Docker-Tester uses docker-compose files to set up test environments and verify them before running tests. A security vulnerability exists in version 1.2.1 of Docker-Tester, which can be exploited by an attacker to maliciously execute operating system commands...

CVE-2020-15080

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server...

Exploit for Improper Input Validation in Redhat Openshift

This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The project is designed to help users learn about vulnerabilities and improve their defensive skills. The repository contains a collection of vulnerable environments, each with its own Docker-Compo...