4 matches found

Cvelist
added 2026/06/04 7:26 p.m., 29 views

CVE-2026-41249 CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow `.github/workflows/static.yml` uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pull_request.head.re...

CVSS 8.2 | EPSS 0.00433
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/14 1:18 p.m., 10 views

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary: The GitHub Actions workflow `.github/workflows/static.yml` uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: `${{ github.event.pull_request.head.ref }}`. Subsequently, it executes a script `bin/console` from this untrusted checkout. Thi...

CVSS 8.2 | AI score 6.1 | EPSS 0.00433
Exploits: 0 | References: 5 | Affected Software: 1
OpenVAS
added 2021/07/21 12:00 a.m., 188 views

MikroTik RouterOS <= 6.48.6 Multiple Vulnerabilities

MikroTik RouterOS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:mikrotik:routeros"; if...

CVSS 6.5 | AI score 6.5 | EPSS 0.02107
Exploits: 2 | References: 2
CNNVD
added 2021/07/07 12:00 a.m., 6 views

MikroTik RouterOS Code Issue Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed on a PC to enable it to provide router functionality. A memory corruption vulnerability exists in the /nova/bin/console process in MikroTik RouterOS version 6.44.5. An...

CVSS 6.5 | AI score 5.9 | EPSS 0.01881
Exploits: 1 | References: 2