Lucene search
+L

86 matches found

NVD
NVD
added 2026/03/04 5:16 p.m.19 views

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS0.00472EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.4 views

PT-2026-22939

Name of the Vulnerable Software and Affected Versions Docker CLI versions through 29.1.5 Docker Compose versions 2.31.0 through 5.0.0 Description The Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. An attacker with...

9.8CVSS6AI score0.00472EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.7 views

CVE-2021-22117

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins...

7.8CVSS6.8AI score0.00611EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.5 views

CVE-2023-53868

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

8.8CVSS8.8AI score0.00744EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/15 8:22 p.m.27 views

CVE-2023-53868 Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

8.7CVSS0.00744EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.166 views

📄 Notepad++ 8.8.7 DLL Hijacking

Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. ============================================================================================================================================= | Title : Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad | | Author : indoushka | |...

7AI score
Exploits0
Veracode
Veracode
added 2025/11/25 9:38 a.m.10 views

Path Traversal

mattermost is vulnerable to Path Traversal. The vulnerability is due to improper validation of the import directory path, where malicious plugins can be placed into the prepackaged plugins directory, and attacker with admin access can exploit this to execute arbitrary code on the server...

8CVSS7.9AI score0.00599EPSS
Exploits0References5Affected Software2
Metasploit
Metasploit
added 2025/11/22 6:58 p.m.273 views

Notepad++ Plugin Persistence

This module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched. Module Options msf use...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2025/11/20 1:45 a.m.259 views

Exploit for CVE-2025-13390

WP Directory Kit /dev/null echo "+ Auto-login successful"...

10CVSS7.1AI score0.0472EPSS
Exploits3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-9275

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00611EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-23387

Malicious code in bioql PyPI...

9.1CVSS7.7AI score0.00867EPSS
Exploits0References3
Veracode
Veracode
added 2025/08/19 11:31 a.m.7 views

Code Execution

Vault is vulnerable to code execution. The vulnerability is due to a privileged operator with write access to sys/audit being able to exploit a plugin directory in Vault’s configuration, which allows an attacker to execute arbitrary code on the underlying host...

9.1CVSS8AI score0.00867EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2025/08/04 11:25 p.m.3 views

SUSE CVE-2025-6000

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

8CVSS8AI score0.00867EPSS
Exploits0References4
Snyk
Snyk
added 2025/08/01 6:31 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin registration functionality to execute the created files. Notes: - This is onl...

9.1CVSS7.5AI score0.00867EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin registration functionality to execute the created files. Notes: - This is onl...

9.1CVSS7.5AI score0.00867EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.2 views

Arbitrary Code Injection

Overview github.com/hashicorp/vault/command is a tool for secrets management, encryption as a service, and privileged access management. Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit...

9.1CVSS7.4AI score0.00867EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.2 views

Arbitrary Code Injection

Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin...

9.1CVSS7.5AI score0.00867EPSS
Exploits0References2
OSV
OSV
added 2025/08/01 5:40 p.m.6 views

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS7.7AI score0.00867EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.4 views

PT-2025-31661

Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 1.20.1 HashiCorp Vault versions 1.19.7 and earlier HashiCorp Vault versions 1.18.12 and earlier HashiCorp Vault versions 1.16.23 and earlier HashiCorp Vault versions 0.8.0 through 1.16.22 HashiCorp Vault...

9.1CVSS8.2AI score0.00867EPSS
Exploits0References48
RedhatCVE
RedhatCVE
added 2025/05/23 1:23 a.m.9 views

CVE-2022-34181

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller ...

9.1CVSS6.7AI score0.01213EPSS
Exploits0References1
Rows per page
Query Builder