4 matches found
CVE-2026-41249 CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...
CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...
MikroTik RouterOS <= 6.48.6 Multiple Vulnerabilities
MikroTik RouterOS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:mikrotik:routeros"; if...
MikroTik RouterOS 代码问题漏洞
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A memory corruption vulnerability exists in the /nova/bin/console process in Mikrotik RouterOs version 6.44.5. An...