
EUVD
added yesterday, 13 views

EUVD-2026-36320

OpenClaw: Hook-triggered CLI runs could receive owner MCP tool authority...

CVSS 8.7, AI score 5.8, EPSS 0.00281
Exploits 0, References 3

NVD
added 2 days ago, 6 views

CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated...

CVSS 8.8, EPSS 0.00205
Exploits 0, References 6

EUVD
added 2 days ago, 5 views

EUVD-2026-40924

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated...

CVSS 8.8, AI score 5.8, EPSS 0.00205
Exploits 0, References 6

CVE
added 2 days ago, 13 views

CVE-2026-12158

The CVE pertains to the WordPress plugin RegistrationMagic – User Registration Forms Plugin, vulnerable to Cross-Site Request Forgery up to version 6.0.9.1 due to missing/incorrect nonce validation in process_request. This allows unauthenticated attackers to escalate a form submitter’s privileges...

CVSS 8.8, AI score 5.8, EPSS 0.00205
Exploits 0, References 6

EUVD
added 3 days ago, 14 views

EUVD-2026-31974

obanweb: Unbounded range expansion in cron describe causes memory exhaustion...

CVSS 5.9, AI score 5.8, EPSS 0.00341
Exploits 0, References 6

OSV
added 4 days ago, 4 views

PYSEC-2026-493 pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

Summary: Path Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...

CVSS 9.8, AI score 6.6, EPSS 0.01141
Exploits 1, References 7

NVD
added last week, 9 views

CVE-2026-54636

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and...

CVSS 9.9, EPSS 0.00274
Exploits 0, References 2

EUVD
added last week, 7 views

EUVD-2026-39806

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and...

CVSS 9.9, AI score 5.9, EPSS 0.00274
Exploits 0, References 2

ATTACKERKB
added last week, 6 views

CVE-2026-54636

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and...

CVSS 9.9, AI score 5.9, EPSS 0.00274
Exploits 0, References 3, Affected Software 1

CVE
added last week, 14 views

CVE-2026-54636

CVE-2026-54636 concerns Dokku’s cron plugin, which prior to 0.38.7 used commands from app.json to manage system cron for the Dokku user. A cron entry containing shell metacharacters (e.g., >, ;) can escape the container and run commands on the host as the Dokku user, enabling OS command inject...

CVSS 9.9, AI score 5.9, EPSS 0.00274
Exploits 0, References 2, Affected Software 1

Cvelist
added last week, 34 views

CVE-2026-54636 Dokku: OS Command Injection via app.json managed Cron

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and...

CVSS 9, EPSS 0.00274
Exploits 0, References 2

Positive Technologies
added 2026/06/26 12:00 a.m., 9 views

PT-2026-52854

Name of the Vulnerable Software and Affected Versions: Dokku versions prior to 0.38.7. Description: The cron plugin uses commands defined in the app.json file to manage system cron tasks running as the Dokku user. If a cron command in app.json contains special shell characters, such as > or ;, it can...

CVSS 9.9, AI score 6.1, EPSS 0.00274
Exploits 0, References 7

OSSF Malicious Packages
added 2026/06/24 11:04 p.m., 8 views

Malicious code in leo-cron (npm)

The leo-cron npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

AI score 5.9
Exploits 0, References 3

OSV
added 2026/06/24 11:04 p.m., 3 views

MAL-2026-6428 Malicious code in leo-cron (npm)

The leo-cron npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

AI score 5.9
Exploits 0, References 3

Cvelist
added 2026/06/23 2:25 p.m., 35 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

CVSS 10, EPSS 0.00408
Exploits 0, References 3

CVE
added 2026/06/23 2:25 p.m., 17 views

CVE-2026-27604

FOSSBilling 0.5.4–0.7.x contains an authorization bypass in the API role handling that permits unauthenticated access to privileged /api/system/* endpoints. The issue maps to the system identity (cron admin), allowing admin API methods without credentials, session, or CSRF tokens. Version 0.8.0 i...

CVSS 10, AI score 5.9, EPSS 0.00408
Exploits 0, References 3

OSV
added 2026/06/22 10:38 p.m., 7 views

MAL-2026-6274 Malicious code in web3-token-helper (npm)

The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

AI score 5.8
Exploits 0, References 6

Positive Technologies
added 2026/06/16 12:00 a.m., 19 views

PT-2026-50122

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

CVSS 4.8, AI score 5.4, EPSS 0.0017
Exploits 0, References 5

OSSF Malicious Packages
added 2026/06/15 3:09 p.m., 7 views

Malicious code in vaults-monitor-cron (npm)

On npm install, the package's preinstall hook `node postinstall.js || true` executes automatically. The script collects hostname, username, and current...

AI score 5.3
Exploits 0, References 1

Positive Technologies
added 2026/06/15 12:00 a.m., 9 views

PT-2026-49165

Name of the Vulnerable Software and Affected Versions: ShopXO versions prior to 6.7.2. Description: An authorization bypass exists in the Scheduled Task Endpoint within the app/api/controller/Crontab.php file. This issue allows a remote attacker to bypass authorization by manipulating the OrderClose...

CVSS 7.5, AI score 7.3, EPSS 0.00292
Exploits 0, References 9