CVE-2024-10846

Summary: CVE-2024-10846 affects the compose-go library. The vulnerability occurs in versions v2.10–v2.4.0 of the compose-go component when an authorized user sends malicious YAML payloads, causing the library to consume excessive memory and CPU cycles during YAML parsing (as used by Docker Compos...

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2024-29018: Fixed external DNS request handling from 'internal' networks that could have led to data exfiltration bsc1234089. CVE-2024-23650: Fixed possibile BuildKit daemon crash via malicious BuildKit client or frontend request...

CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3

CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3. A patched version of the package is available...

CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3

CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3. A patched version of the package is available...

GHSA-36GQ-35J3-P9R9 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop

Impact The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop

Impact The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

homarr 跨站脚本漏洞

homarr is a customizable browser homepage by Thomas Camlong, an individual developer, that is used to interact with Docker containers on the main server. A security vulnerability exists in homarr versions prior to v0.14.0 that stems from the inclusion of a stored cross-site scripting XSS...

PT-2025-1609 · Docker +1 · Docker Compose +1

Name of the Vulnerable Software and Affected Versions: compose-go versions v2.10 through v2.4.0 Docker Compose versions v2.27.0 through v2.29.7 Description: The issue allows an authorized user who sends malicious YAML payloads to cause excessive memory and CPU cycle consumption while parsing YAML...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1119)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2025-1119)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain...

Exploit for CVE-2024-38821

CVE-2024-38821: Proof of Concept PoC: Authentication Bypass...

Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java

CVE-2022-34169 PoC A malleable PoC and solution for the SU...

Exploit for CVE-2025-25599

CVE-2025-25599 Details Bolt is an o...

CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2

CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2. A patched version of the package is available...

ProcessMaker 安全漏洞

ProcessMaker is a Php-written website builder for business process management BPM and workflow management from ProcessMaker Inc. in the United States. A security vulnerability exists in ProcessMaker pm4core-docker version 4.1.21-RC7, which originates from an arbitrary file upload vulnerability in...

CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

Exploit for Improper Check for Unusual or Exceptional Conditions in Jenkins

Intro This is an exploit for CVE-2024-43044, an arbitrary fil...

Updated opencontainers-runc packages fix security vulnerability

runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...