Lucene search
+L

169 matches found

nvd
nvd
added 2 days ago5 views

CVE-2026-61446

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS0.00221EPSS
Exploits0References2
euvd
euvd
added 2 days ago5 views

EUVD-2026-44646

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS6.6AI score0.00221EPSS
Exploits0References2
nvd
nvd
added 2026/05/04 6:16 p.m.13 views

CVE-2026-42796

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS0.00732EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/04 12:0 a.m.14 views

PT-2026-36887

Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References14
susecve
susecve
added 2026/03/15 12:28 a.m.12 views

SUSE CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS5.8AI score0.00472EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/03/10 12:0 a.m.4 views

PT-2026-24602

Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a victi...

8CVSS5.8AI score0.00472EPSS
Exploits0References5
github
github
added 2026/03/05 12:10 a.m.15 views

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows

This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...

8CVSS6AI score0.00472EPSS
Exploits0References8Affected Software1
euvd
euvd
added 2026/03/05 12:10 a.m.12 views

EUVD-2025-208275

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows...

7CVSS5.9AI score0.00472EPSS
Exploits0References7
nvd
nvd
added 2026/03/04 5:16 p.m.18 views

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS0.00472EPSS
Exploits0References6
cvelist
cvelist
added 2026/03/04 4:14 p.m.36 views

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

7CVSS0.00472EPSS
Exploits0References3
osv
osv
added 2026/03/04 4:14 p.m.13 views

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

7CVSS7.1AI score0.00472EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2026/03/04 4:14 p.m.3 views

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

7CVSS5.9AI score0.00472EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/16 8:44 p.m.8 views

CVE-2023-53892

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

8.6CVSS8.6AI score0.00797EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/12/16 8:44 p.m.5 views

CVE-2023-53868

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

8.8CVSS8.8AI score0.00744EPSS
Exploits1References1
nvd
nvd
added 2025/12/15 9:15 p.m.8 views

CVE-2023-53892

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

8.6CVSS0.00797EPSS
Exploits1References3
nvd
nvd
added 2025/12/15 9:15 p.m.5 views

CVE-2023-53868

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

8.8CVSS0.00744EPSS
Exploits1References3
cve
cve
added 2025/12/15 8:28 p.m.14 views

CVE-2023-53892

Summary: CVE-2023-53892 affects Blackcat CMS 1.4 with a remote code execution flaw in the jquery plugin manager. Authenticated admins can upload ZIP packages containing a PHP shell and trigger arbitrary system commands by accessing the uploaded plugin file with a code parameter. Affected software...

8.6CVSS8.3AI score0.00797EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2025/12/15 8:28 p.m.5 views

CVE-2023-53892 Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

8.6CVSS8.3AI score0.00797EPSS
Exploits1References3
cvelist
cvelist
added 2025/12/15 8:28 p.m.22 views

CVE-2023-53892 Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

8.6CVSS0.00797EPSS
Exploits1References3
osv
osv
added 2025/12/15 8:28 p.m.6 views

CVE-2023-53892 Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

8.6CVSS6.8AI score0.00797EPSS
Exploits1References5
Rows per page
Query Builder