21 matches found
EUVD-2025-9678
Malicious code in bioql PyPI...
EUVD-2023-42020
Malicious code in bioql PyPI...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
CVE-2025-32111 affects the acme.sh Docker image built from a .github/workflows/dockerhub.yml workflow. The root cause is that actions/checkout lacked persist-credentials: false, potentially exposing credentials. The provided metrics indicate high impact (CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/...
PT-2025-14858 · Acme.Sh · Acme.Sh
Name of the Vulnerable Software and Affected Versions: acme.sh versions prior to 40b6db6 Description: The issue concerns a Docker image of acme.sh that is based on a .github/workflows/dockerhub.yml file. This file lacks the "persist-credentials: false" setting for actions/checkout, which may lead...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
Design/Logic Flaw
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
CVE-2023-38198
CVE-2023-38198 affects acme.sh prior to 3.0.6. Root cause: insufficient input validation in the Eval function of the ACME client, allowing remote code execution via arbitrary commands executed from a remote server. Reported in the wild in June 2023. Affected: acme.sh versions
acme.sh Security Vulnerability
acme.sh is a scripting tool from the acme.sh open source project. A security vulnerability exists in versions of acme.sh prior to 3.0.6 that stems from the ability to run arbitrary commands from a remote server via eval...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
VulnCheck KEV: CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
FreeBSD : acme.sh -- closes potential remote vuln (fdca9418-06f0-11ee-abe2-ecf4bbefc954)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the fdca9418-06f0-11ee-abe2-ecf4bbefc954 advisory. - Neil Pang reports: HiCA was injecting arbitrary code/commands into the certificate obtaining process...
PT-2023-3706 · Acme.Sh · Acme.Sh
Name of the Vulnerable Software and Affected Versions: acme.sh versions prior to 3.0.6 Description: The issue arises from insufficient input validation in the Eval function of the ACME protocol client Acme.sh, allowing a remote attacker to execute arbitrary code. This has been exploited in the wi...