Lucene search
K

57 matches found

NVD
NVD
added 2026/07/02 4:16 p.m.7 views

CVE-2026-58455

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit after an authentication redirect in loader.php combined with unsanitized input passed to shellexec in...

9.8CVSS0.0119EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 3:12 p.m.7 views

EUVD-2026-41405

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit after an authentication redirect in loader.php combined with unsanitized input passed to shellexec in...

9.8CVSS6.1AI score0.0119EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 3:12 p.m.37 views

CVE-2026-58455 Dockwatch 0.6.567 Unauthenticated OS Command Injection via ajax/compose.php

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit after an authentication redirect in loader.php combined with unsanitized input passed to shellexec in...

9.8CVSS0.0119EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 3:12 p.m.17 views

CVE-2026-58455

Dockwatch 0.6.567 is affected by an unauthenticated OS command injection. The flaw arises from a missing exit() after an authentication redirect in loader.php and unsanitized input passed to shell_exec() in ajax/compose.php, allowing an attacker to seed a session flag via an incomplete auth check...

9.8CVSS6.1AI score0.0119EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 3:12 p.m.8 views

CVE-2026-58455

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit after an authentication redirect in loader.php combined with unsanitized input passed to shellexec in...

9.8CVSS6.1AI score0.0119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55261

Name of the Vulnerable Software and Affected Versions Dockwatch versions prior to 0.6.568 Description An unauthenticated OS command injection exists that allows remote attackers to execute arbitrary shell commands. The issue arises from a chain of two bugs: a missing exit function after an...

9.8CVSS6.3AI score0.0119EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 12:21 p.m.10 views

Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
OSV
OSV
added 2026/07/01 12:21 p.m.7 views

MAL-2026-6722 Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:54 p.m.7 views

CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS5.8AI score0.00472EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:54 p.m.40 views

CVE-2026-53576 Kestra: Unauthenticated RCE via /configs path-suffix auth-filter bypass

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API @Filter"/api/v1/" treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresse...

10CVSS0.00472EPSS
Exploits2References1
CVE
CVE
added 2026/06/26 8:54 p.m.26 views

CVE-2026-53576

Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...

10CVSS5.8AI score0.00472EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52984

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.21 Description The authentication filter for the REST API endpoint /api/v1/ incorrectly treats any request path ending in /configs as a public instance-config endpoint, allowing it t...

10CVSS5.8AI score0.00472EPSS
Exploits2References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6406

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

8.8CVSS5.5AI score0.00211EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.14 views

Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.16 views

Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.8 views

MAL-2026-5146 Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 12:0 a.m.16 views

Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

6.2AI score
Exploits0References3
OSV
OSV
added 2026/06/01 12:0 a.m.9 views

MAL-2026-5147 Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 6:32 p.m.23 views

CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

8.8CVSS0.00211EPSS
Exploits0References2
Rows per page
Query Builder