Lucene search
+L

93 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-33997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/31 11:26 p.m.8 views

CVE-2026-33997

A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during docker plugin install. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 3:15 a.m.2 views

DEBIAN-CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.1CVSS5.2AI score0.00387EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 3:15 a.m.7 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS0.00387EPSS
Exploits0References8
OSV
OSV
added 2026/03/31 3:15 a.m.30 views

UBUNTU-CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/31 1:36 a.m.4 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0
OSV
OSV
added 2026/03/31 1:36 a.m.3 views

CVE-2026-33997 Moby: Off-by-one error in plugin privilege validation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

6.8CVSS5.7AI score0.00387EPSS
Exploits0References10
CVE
CVE
added 2026/03/31 1:36 a.m.46 views

CVE-2026-33997

CVE-2026-33997 affects Moby (docker) prior to 29.3.1. A daemon privilege-validation check is flawed, potentially allowing a privilege set that differs from the user-approved one to be accepted during docker plugin installation. Plugins requesting exactly one privilege are also affected because th...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:36 a.m.5 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 1:36 a.m.9 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.2AI score0.00387EPSS
Exploits0
OSV
OSV
added 2026/03/30 6:52 p.m.1 views

GHSA-M3MH-3MPG-37HW OpenClaw has an Arbitrary Malicious Code Execution Vulnerability

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary During the installation phase of OpenClaw local plugins/hooks, the Git executable can be hijacked by a project-level .npmrc file, leading to arbitrary code execution during installation. Details Please note that the source code...

8.6CVSS6.4AI score0.00136EPSS
Exploits1References4
CVE
CVE
added 2026/03/28 6:0 a.m.15 views

CVE-2025-15445

The CVE-2025-15445 entry relates to the WordPress theme Restaurant Cafeteria up to version 0.4.6. The issue is insecure admin-ajax actions that lack nonce or capability checks, enabling any logged-in user (e.g., a subscriber) to perform privileged operations. The documented impact includes arbitr...

5.4CVSS6AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 5:38 p.m.7 views

GHSA-PXQ6-2PRW-CHJ9 Moby has an Off-by-one error in its plugin privilege validation

Summary A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...

6.8CVSS5.7AI score0.00387EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.32 views

PT-2026-28590

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A flaw exists in the Docker daemon’s privilege validation process during docker plugin install. The daemon does not fully enforce plugin privilege checks, potentially allowing unintended...

9.4CVSS5.9AI score0.00387EPSS
Exploits0References139
Snyk
Snyk
added 2026/03/16 2:56 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the plugin installation process on CI test instances with default admin credentials. An attacker can execute arbitrary code and access sensitive configuration data by uploading a malicious plugin after changin...

6.6CVSS6.2AI score0.00328EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 9:25 a.m.5 views

CVE-2026-1992

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...

8.8CVSS5.9AI score0.00631EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/10 2:21 a.m.12 views

CVE-2026-1920

CVE-2026-1920 affects the WordPress plugin Booktics (Booking Calendar for Appointments and Service Businesses) up to version 1.0.16. The root cause is a missing capability check in Extension_Controller::update_item_permissions_check, allowing unauthenticated attackers to install addon plugins and...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 3:30 p.m.6 views

EUVD-2026-9819

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

8.8CVSS6AI score0.00276EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.10 views

CVE-2025-13091

The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopireadmininstallplugin function in all versions up to, and including, 1.0.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS5.5AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.10 views

CVE-2025-12975

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

7.2CVSS6.1AI score0.00821EPSS
Exploits0References1
Rows per page
Query Builder