Lucene search
K

136 matches found

Zero Day Initiative
Zero Day Initiative
added 2026/04/15 12:0 a.m.10 views

(0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The specific flaw exists within the the...

8.2CVSS6.1AI score
Exploits0
CNVD
CNVD
added 2026/01/09 12:0 a.m.14 views

ComfyUI-Manager CRLF Injection Vulnerability

ComfyUI is a popular node-based Stable Diffusion GUI widely used for building and executing AI image generation workflows.ComfyUI-Manager is an extension manager plugin for ComfyUI to simplify the management of installations of custom nodes, models and dependencies. ComfyUI-Manager suffers from a...

6.3AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2010-1040

Malware in sbrugna...

5CVSS6.4AI score0.01064EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-3655

Malware in sbrugna...

5.4CVSS5.4AI score0.00784EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2010-3154

Malware in sbrugna...

9.3CVSS6.4AI score0.11326EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-5166

Malware in sbrugna...

10CVSS9.3AI score0.03752EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-4044

Malware in sbrugna...

4.9CVSS6.2AI score0.00892EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-0056

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00352EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4422

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.01279EPSS
Exploits0References9
Packet Storm
Packet Storm
added 2025/06/10 12:0 a.m.256 views

📄 DokuWiki 2025-05-14a Shell Upload

DokuWiki version 2025-05-14a suffers from a remote shell upload vulnerability. Exploit Title: DokuWiki 2025-05-14a Remote Code Execution via File Upload Authenticated Exploit Author: tmrswrr Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link:...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 a.m.12 views

CVE-2010-4068

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714...

7.1CVSS6.5AI score0.24558EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:20 a.m.8 views

CVE-2010-3154

Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .mxi or .mxp file...

9.3CVSS7.8AI score0.11326EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:7 a.m.7 views

CVE-2010-1007

Unspecified vulnerability in the Power Extension Manager chlightem extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors...

5CVSS6.6AI score0.01064EPSS
Exploits0References1
OSV
OSV
added 2025/05/21 7:16 p.m.4 views

CVE-2025-45752

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...

7.2CVSS6.1AI score0.00485EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.7 views

PT-2025-22419

Name of the Vulnerable Software and Affected Versions SeedDMS version 6.0.32 Description A vulnerability in SeedDMS allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Recommendations For SeedDMS version 6.0.3...

7.2CVSS7.3AI score0.00485EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/05 12:34 a.m.21 views

CVE-2024-55921

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8.8CVSS8AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2025/01/14 8:15 p.m.56 views

CVE-2024-55921

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8.8CVSS0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/14 7:36 p.m.11 views

CVE-2024-55921 Cross-Site Request Forgery in Extension Manager Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

7.5CVSS8.1AI score0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/14 7:36 p.m.48 views

CVE-2024-55921 Cross-Site Request Forgery in Extension Manager Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

7.5CVSS0.00352EPSS
Exploits0References2
CVE
CVE
added 2025/01/14 7:36 p.m.67 views

CVE-2024-55921

Summary: CVE-2024-55921 affects TYPO3 via the Extension Manager Module, where a CSRF weakness in deep-link handling and improper acceptance of state-changing actions via HTTP GET can allow an attacker to abuse an active backend session through a malicious URL. Conditions that enable exploitation ...

8.8CVSS8AI score0.00352EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder