GHSA-7C64-F9JR-V9H2 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, newrelic-infrastructure-agent, kube-state-metrics, knative-operator, gitsign, prometheus, azurefile-csi, db-operator, mockery, gitlab-kas, steampipe, helm-docs, boring-registry, rancher-loglevel, apache-exporter,...

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, newrelic-infrastructure-agent, kube-state-metrics, knative-operator, gitsign, prometheus, azurefile-csi, db-operator, mockery, gitlab-kas, steampipe, helm-docs, boring-registry, rancher-loglevel, apache-exporter,...

Exploit for CVE-2025-55182

CVE-2025-55182-docker-lab Vulnerable Docker environment for l...

Exploit for CVE-2025-55182

CVE-2025-55182 Scanner & Exploit Lab This repository contains...

Linux Distros Unpatched Vulnerability : CVE-2025-12744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the ABRT daemon's handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them direct...

Exploit for CVE-2025-55182

CVE-2025-55182 - React Server Components RCE Exploit Python C...

EUVD-2025-200985

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...

GHSA-46GC-MWH4-CC5R Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode

Impact When ran in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...

Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode

Impact When ran in sse or streaming mode --transport, the Docker MCP Gateway is vulnerable to a DNS rebinding attack. Vulnerability allows for Browser-Based exploitation of any MCP servers that are executing within the Docker MCP Gateway. Any tools or other features exposed by MCP servers can be...

CVE-2025-13948

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-13948 opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

CVE-2025-13948

The CVE-2025-13948 entry concerns opsre go-ldap-admin (up to 20251011) with an issue in the JWT Handler’s docs/docker-compose/docker-compose.yaml processing. Manipulating the argument secret key can lead to use of a hard-coded cryptographic key, enabling remote attack. Exploitation details beyond...

Exploit for CVE-2025-41115

Grafana SCIMalform CVE-2025-41115 Overview This re...

CVE-2025-12744

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

Docker MCP Gateway 安全漏洞

Docker MCP Gateway is a gateway service from Docker Inc. in the United States. A security vulnerability exists in Docker MCP Gateway version 0.27.0 and earlier, which stems from vulnerability to DNS rebinding attacks when running in sse or streaming transport mode, and could lead to browser-based...

PT-2025-48812

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . Th...

Go Ldap Admin 安全漏洞

Go Ldap Admin is an openLDAP backend management project based on Go+Vue implementation organized by China opsre. A security vulnerability exists in Go Ldap Admin 20251011 and earlier versions, which originates from the use of hard-coded encryption keys by the JWT Handler component in the...

Fedora 41 : docker-buildkit (2025-1ccd7dbf40)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1ccd7dbf40 advisory. Update to release v0.26.1 ---- - Update to release v0.26.0 - Resolves: rhbz2412681, rhbz2412761 - Upstream new features and fixes - dependency...

Fedora 41 : docker-buildx (2025-6e24679a4d)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6e24679a4d advisory. - Update to release v0.30.1 - Upstream fix ---- - Update to release v0.30.0 - Resolves: rhbz2413270 - Resolves: rhbz2407614, rhbz2407881, rhbz240815...