31 matches found
GHSA-27VM-5VPJ-RP5G vulnerabilities
Vulnerabilities for packages: apache-camel-karavan-devmode...
CVE-2026-40022 vulnerabilities
Vulnerabilities for packages: apache-camel-karavan-devmode...
CVE-2026-27131
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...
Quarkus DevMode Enabled
Quarkus installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications. No source data...
CraftCMS DevMode Enabled
CraftCMS installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications. No source data...
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. Recent assessments: ANHKWAR at Ma...
Flaw in snapd Allows Root Access to Linux Servers
A local privilege-escalation vulnerability in Canonical’s snapd package has been uncovered, which would allow any user to obtain administrator privileges and immediate root access to affected Linux system servers. Snapd is used by Linux users to download and install apps in the .snap file format...
snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation
#!/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available...
snapd < 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (2)
Exploit for linux platform in category local exploits #!/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains t...
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
#!/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available...
Apache Struts 2 DevMode Enabled
Apache Struts 2 installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related...
Devmode Remote Command Execution Vulnerability in Elevator Engineering Management System
Elevator project management system is to establish an informatization system applicable to elevator enterprises, which collects elevator business data from various departments in time, has good data communication and exchange capability, standardized management process, unified management model,...
Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
Overview: Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...
JVN#92395431: Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that proof-of-concept co...
Vulnerability warning: Struts2 devMode leads to remote code execution vulnerability - vulnerability warning - the black bar safety net
In the middle of last month a Struts2 vulnerability warning was issued, and now the latest remote code execution vulnerability has followed without pause. This time, however, the vulnerability occurs in devMode mode -- the vendor had previously informed users that, before a website is officially launched, devMode...
Struts2 exploit tool, devMode version, released with source code - vulnerabilities and early warning - the black bar safety net
Disclaimer: This tool is for security testing purposes only; illegal use is prohibited. Please take care to check the tool's safety. When Struts2 has devMode turned on, it leads to a serious remote code execution vulnerability. If the web service is started with the highest...
Remote code execution vulnerability in Struts2 when devMode is turned on
Details source: ADLab. Qimingxing ADLab researchers found that when devMode is set to true in Struts2, there is a serious remote code execution vulnerability. If the web service is started with the highest permissions, arbitrary commands can be executed remotely, including shutdown, to...