JetBrains TeamCity Information Disclosure Vulnerability

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from an information disclosure vulnerability th...

Linux Distros Unpatched Vulnerability : CVE-2021-21284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...

Linux Distros Unpatched Vulnerability : CVE-2020-13347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system...

PT-2025-34900

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.6 Description: Coolify is susceptible to a remote code execution issue within the application deployment workflow. Authenticated users with low-level member privileges can inject arbitrary Docker...

Linux Distros Unpatched Vulnerability : CVE-2018-20871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions other write access occur in certain...

Linux Distros Unpatched Vulnerability : CVE-2021-39939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4...

Exploit for Out-of-bounds Write in Php

Task Management APP CVE-2019-11043 Lab Minimal PHP app with...

This Week in Spring - August 26th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the floor of SpringOne, live from lovely Las Vegas! As you can imagine, I've got to get back into it, so we'll make this one a quick one. And if you're here, be sure to say "hi"! In last week's A Bootifu...

Linux Distros Unpatched Vulnerability : CVE-2020-8564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file bein...

CVE-2025-57802

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074 , carries a CVSS score of 9.3 out of 10.0. It has...

CVE-2025-57802 Airlink's Daemon Symlink Vulnerability

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...

CVE-2025-57802

Airlink’s Daemon vulnerability (CVE-2025-57802) affects version 1.0.0, where an attacker with access to the affected container can create symbolic links inside the mounted /app/data directory. Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive host loc...

Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...

Exploit for CVE-2025-9074

CVE-2025-9074 – Docker Desktop Windows Container→Host Write...

PT-2025-34689 · Docker +1 · Docker +1

Name of the Vulnerable Software and Affected Versions: Airlink versions prior to 1.0.1 Description: Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. An attacker with access to the affected container can create symbolic links...

CVE-2025-9074

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation ECI enabled, and with or without th...

Exploit for Path Traversal in Ctfer-Io Chall-Manager

CVE-2025-53632 This repository contains an exploit of CVE-2...

CVE-2025-57734

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files...

JetBrains TeamCity < 2025.07.1 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.07.1. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership. CVE-2025-577...