9236 matches found
GHSA-MV7P-34FV-4874 Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Impact CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...
GHSA-GQFV-G4V7-M366 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
Summary Function importZipMd is vulnerable to ZipSlip which allows an authenticated user to overwrite files on the system. Details An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is importZipMd, this can...
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
Summary Function importZipMd is vulnerable to ZipSlip which allows an authenticated user to overwrite files on the system. Details An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is importZipMd, this can...
Exploit for CVE-2025-9074
CVE-2025-9074: Docker Desktop Container Escape PoC !CVEhtt...
PT-2025-50250
Name of the Vulnerable Software and Affected Versions Docker Desktop affected versions not specified Description Docker Desktop diagnostics bundles include expired Hub PATs Personal Access Tokens in log output because of error object serialization. This can lead to the leakage of sensitive...
Docker Desktop 安全漏洞
Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
GO-2025-4179 Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway...
Exploit for CVE-2025-66478
CVE-2025-66478 – Next.js Server Actions RCE Vulnerability: Ana...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-086 (ALASDOCKER-2025-086)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-086 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6,...
CVE-2025-65637 vulnerabilities
Vulnerabilities for packages: gostatsd, aws-flb-kinesis, aws-flb-cloudwatch, sonobuoy, aws-flb-firehose, smokescreen, kpt, go-discover, kubeflow, src-fingerprint, neuvector-dbgen, hello-world-golang, newrelic-nri-statsd, docker-credential-gcr, php-fpmexporter, terraform-provider-google,...
GHSA-4F99-4Q7P-P3GH vulnerabilities
Vulnerabilities for packages: gostatsd, aws-flb-kinesis, aws-flb-cloudwatch, sonobuoy, aws-flb-firehose, smokescreen, kpt, go-discover, kubeflow, src-fingerprint, neuvector-dbgen, hello-world-golang, newrelic-nri-statsd, docker-credential-gcr, php-fpmexporter, terraform-provider-google,...
Exploit for CVE-2025-9074
CVE-2025-9074 Exploit Tool A sophisticated exploitation frame...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell 핵심 패키지 📦 포함 파일 1. 취약한 Do...
nim-pentest-agent
NimPentestAgent Agent autonome de pentest intelligent pour CT...
SUSE CVE-2025-12744
A flaw was found in the ABRT daemon's handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Exploiting Log4Shell CVE-2021-44228: A Complete, Modern Demo...
Exploit for Deserialization of Untrusted Data in Getlaminas Laminas-Http
CVE-2021-3007 — Laminas/Zend HTTP Deserialization RCE ==========...
Exploit for CVE-2025-55182
CVE-2025-55182 Scanner & Exploit Lab This repository contains...
Exploit for CVE-2025-55182
CVE-2025-55182 - Dockerized Proof of Concept This repository...