CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/07/10 9:14 p.m.•3 views

CVE-2025-6392 Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)

6.7CVSS7AI score0.00136EPSS

CVE•added 2025/07/10 9:14 p.m.•25 views

CVE-2025-6392

Brocade SANnav prior to version 2.4.0a exposes database passwords in cleartext in audit logs generated by the daily data dump collector when docker exec commands run. Logs reside on the host VM local audit logs and are not controlled by SANnav, only visible to the host admin. Affected release is ...

6.7CVSS6.4AI score0.00136EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/07/10 3:27 p.m.•7 views

CVE-2025-53372

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

7.5CVSS8.8AI score0.01053EPSS

CBLMariner•added 2025/07/10 3:9 p.m.•3 views

CVE-2025-22872 affecting package docker-buildx for versions less than 0.14.0-6

CVE-2025-22872 affecting package docker-buildx for versions less than 0.14.0-6. A patched version of the package is available...

6.5CVSS7.3AI score0.0045EPSS

CNNVD•added 2025/07/10 12:0 a.m.•3 views

Broadcom Brocade SANnav 日志信息泄露漏洞

Broadcom Brocade SANnav is a storage area network management and automation software platform from Broadcom, Inc. A security vulnerability exists in Broadcom Brocade SANnav versions prior to 2.4.0a, which stems from a daily data dump collector that may record database passwords in plaintext to...

6.7CVSS6.7AI score0.00136EPSS

Exploits0References3

Amazon•added 2025/07/10 12:0 a.m.•5 views

Medium: soci-snapshotter

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: soci-snapshotter Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more abo...

Amazon•added 2025/07/10 12:0 a.m.•4 views

Medium: docker

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon...

Amazon•added 2025/07/10 12:0 a.m.•6 views

Medium: docker

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.0056EPSS

Amazon•added 2025/07/10 12:0 a.m.•3 views

Medium: docker

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about...

Amazon•added 2025/07/10 12:0 a.m.•4 views

Medium: runfinch-finch

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runfinch-finch Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...

Amazon•added 2025/07/10 12:0 a.m.•6 views

Medium: oci-add-hooks

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about...

Tenable Nessus•added 2025/07/10 12:0 a.m.•4 views

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-066)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-066 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive...

6.8CVSS6.5AI score0.0056EPSS

Exploits0References4

Tenable Nessus•added 2025/07/10 12:0 a.m.•6 views

Amazon Linux 2 : docker (ALASDOCKER-2025-070)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-070 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive...

6.8CVSS6.5AI score0.0056EPSS

Exploits0References4

OSV•added 2025/07/09 5:56 p.m.•2 views

GHSA-PHHQ-63JG-FP7R Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points

Background The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by...

3.5CVSS7AI score

Exploits0References4

RedhatCVE•added 2025/07/09 4:3 p.m.•9 views

CVE-2025-53376

Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...

8.7CVSS8AI score0.01116EPSS

CNNVD•added 2025/07/09 12:0 a.m.•2 views

Mautic Docker Image 安全漏洞

Mautic Docker Image is a Mautic open source Docker image for Mautic. A security vulnerability exists in Mautic Docker Image that stems from exposing the PHP version via the X-Powered-By header, which could lead to server fingerprinting...

5.3CVSS6.7AI score0.00237EPSS