86 matches found
CVE-2025-15558
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...
PT-2026-22939
Name of the Vulnerable Software and Affected Versions Docker CLI versions through 29.1.5 Docker Compose versions 2.31.0 through 5.0.0 Description The Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. An attacker with...
CVE-2021-22117
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins...
CVE-2023-53868
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...
CVE-2023-53868 Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload
Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...
📄 Notepad++ 8.8.7 DLL Hijacking
Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. ============================================================================================================================================= | Title : Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad | | Author : indoushka | |...
Path Traversal
mattermost is vulnerable to Path Traversal. The vulnerability is due to improper validation of the import directory path, where malicious plugins can be placed into the prepackaged plugins directory, and attacker with admin access can exploit this to execute arbitrary code on the server...
Notepad++ Plugin Persistence
This module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched. Module Options msf use...
Exploit for CVE-2025-13390
WP Directory Kit /dev/null echo "+ Auto-login successful"...
EUVD-2021-9275
Malicious code in bioql PyPI...
EUVD-2025-23387
Malicious code in bioql PyPI...
Code Execution
Vault is vulnerable to code execution. The vulnerability is due to a privileged operator with write access to sys/audit being able to exploit a plugin directory in Vault’s configuration, which allows an attacker to execute arbitrary code on the underlying host...
SUSE CVE-2025-6000
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin registration functionality to execute the created files. Notes: - This is onl...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin registration functionality to execute the created files. Notes: - This is onl...
Arbitrary Code Injection
Overview github.com/hashicorp/vault/command is a tool for secrets management, encryption as a service, and privileged access management. Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit...
Arbitrary Code Injection
Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin...
CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
PT-2025-31661
Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 1.20.1 HashiCorp Vault versions 1.19.7 and earlier HashiCorp Vault versions 1.18.12 and earlier HashiCorp Vault versions 1.16.23 and earlier HashiCorp Vault versions 0.8.0 through 1.16.22 HashiCorp Vault...
CVE-2022-34181
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller ...