9242 matches found

CVE
added 2025/07/08 2:54 p.m. · 20 views

CVE-2025-53372

CVE-2025-53372 concerns the node-code-sandbox-mcp MCP Server (Node.js) prior to version 1.3.0, which is vulnerable to command injection through unsanitized input used in a call to a shell command via child_process.execSync. Exploitation can allow remote code execution with the server process’s pr...

CVSS 7.5 · AI score 8.7 · EPSS 0.01053
Exploits 0 · References 2

OSV
added 2025/07/08 2:54 p.m. · 9 views

CVE-2025-53372 node-code-sandbox-mcp has a Sandbox Escape via Command Injection

node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...

CVSS 7.5 · AI score 8.8 · EPSS 0.01053
Exploits 0 · References 4

NVD
added 2025/07/07 4:15 p.m. · 9 views

CVE-2025-53376

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...

CVSS 8.8 · EPSS 0.01116
Exploits 0 · References 2

CVE
added 2025/07/07 3:55 p.m. · 18 views

CVE-2025-53376

Dokploy is a self-hosted PaaS where an authenticated, low-privileged user can execute arbitrary OS commands on the host via the tRPC procedure docker.getContainersByAppNameMatch, which interpolates an attacker-controlled appName into a Docker CLI call without sanitisation. The root cause is unsan...

CVSS 8.8 · AI score 7.3 · EPSS 0.01116
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/07/07 3:55 p.m. · 7 views

CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...

CVSS 8.7 · EPSS 0.01116
Exploits 0 · References 2

Vulnrichment
added 2025/07/07 3:55 p.m. · 4 views

CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...

CVSS 8.7 · AI score 7.3 · EPSS 0.01116
Exploits 0 · References 2

OSV
added 2025/07/07 3:55 p.m. · 5 views

CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...

CVSS 8.7 · AI score 7.7 · EPSS 0.01116
Exploits 0 · References 4

GithubExploit
added 2025/07/07 1:20 p.m. · 108 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 Improper input validation led to Remote Code Ex...

CVSS 10 · AI score 9.2 · EPSS 0.95343
Exploits 92

GithubExploit
added 2025/07/07 11:4 a.m. · 108 views

Exploit for Incorrect Authorization in Sudo_Project Sudo

CVE-2025-32462 & CVE-2025-32463 – PoC Lab This is a container...

CVSS 9.3 · AI score 10 · EPSS 0.47467
Exploits 77

Positive Technologies
added 2025/07/07 12:0 a.m. · 3 views

PT-2025-28204 · Dokploy · Dokploy

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.23.7
Description: Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS comman...

CVSS 8.7 · AI score 7.3 · EPSS 0.01116
Exploits 0 · References 6

Gitee
added 2025/07/06 2:51 a.m. · 73 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

PoC exploit for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. The repository, CitrixHoneypot, is a honeypot designed to detect and log scan and exploitation attempts for this vulnerability. The tool is written in Python and uses the http.server module ...

CVSS 9.8 · AI score 7.7 · EPSS 0.99999
Exploits 48

RedhatCVE
added 2025/07/05 10:21 a.m. · 7 views

CVE-2025-6587

System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use th...

CVSS 5.2 · AI score 6 · EPSS 0.00126
Exploits 0 · References 1

NVD
added 2025/07/03 10:15 a.m. · 7 views

CVE-2025-6587

System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...

CVSS 5.2 · EPSS 0.00126
Exploits 0 · References 1

Cvelist
added 2025/07/03 10:3 a.m. · 10 views

CVE-2025-6587 Exposure of system environment variables in Docker Desktop diagnostic logs

System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...

CVSS 5.2 · EPSS 0.00126
Exploits 0 · References 1

Vulnrichment
added 2025/07/03 10:3 a.m. · 4 views

CVE-2025-6587 Exposure of system environment variables in Docker Desktop diagnostic logs

System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...

CVSS 5.2 · AI score 6.8 · EPSS 0.00126
Exploits 0 · References 1

CVE
added 2025/07/03 10:3 a.m. · 27 views

CVE-2025-6587

Docker Desktop CVE-2025-6587 concerns the logging of system environment variables in diagnostic logs when using shell auto-completion, potentially exposing API keys, passwords, or other secrets to anyone with read access to those logs. Multiple connected sources confirm the vulnerability affects ...

CVSS 5.2 · AI score 6.8 · EPSS 0.00126
Exploits 0 · References 1

GithubExploit
added 2025/07/03 12:31 a.m. · 434 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Apache Tomcat RCE Exploit PoC This repository...

CVSS 9.8 · AI score 9.4 · EPSS 0.99945
Exploits 46

Positive Technologies
added 2025/07/03 12:0 a.m. · 6 views

PT-2025-27769 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0
Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive...

CVSS 5.2 · AI score 6.2 · EPSS 0.00126
Exploits 0 · References 7

CNNVD
added 2025/07/03 12:0 a.m. · 3 views

Docker Desktop Security Vulnerability

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

CVSS 5.2 · AI score 6.4 · EPSS 0.00126
Exploits 0 · References 2

GithubExploit
added 2025/07/02 2:29 p.m. · 473 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 – sudo chroot "chwoot" PoC This repository p...

CVSS 9.3 · AI score 9.6 · EPSS 0.47467
Exploits 70