9236 matches found
CVE-2025-14651
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...
CVE-2025-14651 MartialBE one-hub docker-compose.yml hard-coded key
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...
CVE-2025-14651
The CVE concerns MartialBE one-hub up to version 0.14.27. The vulnerability arises from the docker-compose.yml configuration where the SESSION_SECRET is manipulated, leading to use of a hard-coded cryptographic key. Reported as exploitable remotely with high attack complexity, the issue is descri...
CVE-2025-14651 MartialBE one-hub docker-compose.yml hard-coded key
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...
One Hub 安全漏洞
One Hub is an OpenAI interface management and distribution system for Buer individual developers. A security vulnerability exists in One Hub version 0.14.27 and earlier, which stems from the use of a hard-coded key for the parameter SESSIONSECRET in the docker-compose.yml file, which could lead t...
PT-2025-51155
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION SECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an atta...
Exploit for Deserialization of Untrusted Data in Facebook React
R2SHELL !WARNING Este proyecto es SOLO PARA PROPÓSITO...
Hunting for Mythic in network traffic
Post-exploitation frameworks Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
cyber-security-lab-soc-vapt-beginner
Cyber Security Practice Lab — Beginner SOC + VAPT This begin...
PT-2025-51041
CVE-2025-67512 - Apache Docker Privilege Escalation CVE ID : CVE-2025-67512 Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago Description : Rejected reason: The vulnerability is dependency-based. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...
Exploit for Deserialization of Untrusted Data in Facebook React
💥 React2Shell-POC 💥 !pythonhttps://img.shields.io/badge/py...
abrt: Command-injection in ABRT leading to local privilege escalation
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — demo This repository provides a demonstratio...
EUVD-2025-202325
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop
Improper Protection for Out of Bounds Signal Level Alerts
Overview @nocobase/auth is a Affected versions of this package are vulnerable to Improper Protection for Out of Bounds Signal Level Alerts via the official one-click Docker deployment configuration, a public default JWT key was historically provided.. An attacker can gain unauthorized access to...