9168 matches found
CVE-2025-53376
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
Mautic Docker Image 安全漏洞
Mautic Docker Image is a Mautic open source Docker image for Mautic. A security vulnerability exists in Mautic Docker Image that stems from exposing the PHP version via the X-Powered-By header, which could lead to server fingerprinting...
Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection
Summary A command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to...
CVE-2025-53372
node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...
CVE-2025-53372 node-code-sandbox-mcp has a Sandbox Escape via Command Injection
node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...
CVE-2025-53372
CVE-2025-53372 concerns the node-code-sandbox-mcp MCP Server (Node.js) prior to version 1.3.0, which is vulnerable to command injection through unsanitized input used in a call to a shell command via child_process.execSync. Exploitation can allow remote code execution with the server process’s pr...
CVE-2025-53372 node-code-sandbox-mcp has a Sandbox Escape via Command Injection
node-code-sandbox-mcp is a Node.js–based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use o...
CVE-2025-53376
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
CVE-2025-53376
Dokploy is a self-hosted PaaS where an authenticated, low-privileged user can execute arbitrary OS commands on the host via the tRPC procedure docker.getContainersByAppNameMatch, which interpolates an attacker-controlled appName into a Docker CLI call without sanitisation. The root cause is unsan...
CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server
CVE-2025-47812 Improper input validation led to Remote Code Ex...
Exploit for Incorrect Authorization in Sudo_Project Sudo
CVE-2025-32462 & CVE-2025-32463 – PoC Lab This is a container...
PT-2025-28204 · Dokploy · Dokploy
Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.23.7 Description: Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS comman...
Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware
PoC exploit for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller ADC and Gateway. The repository, CitrixHoneypot, is a honeypot designed to detect and log scan and exploitation attempts for this vulnerability. The tool is written in Python and uses the http.server module ...
CVE-2025-6587
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use th...
CVE-2025-6587
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...
CVE-2025-6587 Exposure of system environment variables in Docker Desktop diagnostic logs
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...
CVE-2025-6587 Exposure of system environment variables in Docker Desktop diagnostic logs
System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...