136 matches found
(0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The specific flaw exists within the the...
ComfyUI-Manager CRLF Injection Vulnerability
ComfyUI is a popular node-based Stable Diffusion GUI widely used for building and executing AI image generation workflows.ComfyUI-Manager is an extension manager plugin for ComfyUI to simplify the management of installations of custom nodes, models and dependencies. ComfyUI-Manager suffers from a...
EUVD-2010-1040
Malware in sbrugna...
EUVD-2010-3655
Malware in sbrugna...
EUVD-2010-3154
Malware in sbrugna...
EUVD-2016-5166
Malware in sbrugna...
EUVD-2010-4044
Malware in sbrugna...
EUVD-2025-0056
Malicious code in bioql PyPI...
EUVD-2022-4422
Malicious code in bioql PyPI...
📄 DokuWiki 2025-05-14a Shell Upload
DokuWiki version 2025-05-14a suffers from a remote shell upload vulnerability. Exploit Title: DokuWiki 2025-05-14a Remote Code Execution via File Upload Authenticated Exploit Author: tmrswrr Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link:...
CVE-2010-4068
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...
CVE-2010-3154
Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .mxi or .mxp file...
CVE-2010-1007
Unspecified vulnerability in the Power Extension Manager chlightem extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors...
CVE-2025-45752
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...
PT-2025-22419
Name of the Vulnerable Software and Affected Versions SeedDMS version 6.0.32 Description A vulnerability in SeedDMS allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Recommendations For SeedDMS version 6.0.3...
CVE-2024-55921
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55921
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55921 Cross-Site Request Forgery in Extension Manager Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55921 Cross-Site Request Forgery in Extension Manager Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...
CVE-2024-55921
Summary: CVE-2024-55921 affects TYPO3 via the Extension Manager Module, where a CSRF weakness in deep-link handling and improper acceptance of state-changing actions via HTTP GET can allow an attacker to abuse an active backend session through a malicious URL. Conditions that enable exploitation ...