Duplicate Advisory: Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mv7p-34fv-4874. This link is maintained to preserve external references. Original Description A vulnerability was detected in nocobase up to 1.9.4/2.0.0-alpha.37. The affected element is an unknown function of t...

Exploit for CVE-2021-21980

Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...

Exploit for Race Condition in Vercel Next.Js

CVE-2025-32421---Race-Condition-Vulnerability---Next.js PoC La...

CVE-2025-47913 affecting package docker-compose for versions less than 2.27.0-6

CVE-2025-47913 affecting package docker-compose for versions less than 2.27.0-6. A patched version of the package is available...

lab-sqli-v1

🔐 Laboratorio de SQL Injection - Del Principiante al Experto...

AZL-70331 CVE-2025-47913 affecting package docker-compose for versions less than 2.27.0-6

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

ROS-20251113-08

A vulnerability in the Docker Compose multi-container application management tool is related to an incorrect restriction of the path name to a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely to overwrite an arbitrary file...

Exploit for Improper Restriction of XML External Entity Reference in Jetbrains Ktor

CVE-2023-45612 PoC This repository contains a proof of concep...

Important Photon OS Security Update - PHSA-2025-5.0-0667

Updates of 'docker-compose' packages of Photon OS have been released...

GO-2025-4077 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose...

SUSE CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

CVE-2025-62725: From “docker compose ps” to System Compromise

Docker Compose powers millions of workflows, from CI/CD runners and local development stacks to cloud workspaces and enterprise build pipelines. It’s trusted by developers as the friendly layer above Docker Engine that turns a few YAML lines into a running application. In early October 2025, whil...

CVE-2025-62725

Docker Compose is vulnerable to a path traversal flaw in how it handles OCI artifact layer annotations. When processing remote OCI compose artifacts, Compose trusts attacker-controlled annotation fields such as com.docker.compose.extends and com.docker.compose.envfile. This allows a crafted...

Fedora: Security Advisory (FEDORA-2025-025aff9420)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2025-62725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or...

DEBIAN-CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

UBUNTU-CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

CVE-2025-62725

CVE-2025-62725 affects Docker Compose when resolving remote OCI artifacts. The vulnerability arises from path handling of annotations in OCI layers (com.docker.compose.file and com.docker.compose.envfile), where Docker Compose joins attacker-controlled paths with its local cache directory without...

CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...