Lucene search
K

171 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1492

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.02017EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23842

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.09319EPSS
Exploits7References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-56364

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/21 7:24 p.m.6 views

CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS8AI score0.00599EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/21 12:0 a.m.6 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and earlier, 10.8.x and earlier, 10.5.8 and earlier, 9.11.17 and earlier, 10.11.x and earlier, 10.10.1 and earlier, 10.10.x and 10.9.3 and...

8CVSS8.9AI score0.00599EPSS
Exploits0References2
NVD
NVD
added 2025/09/19 8:15 p.m.28 views

CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS0.00599EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/19 7:22 p.m.4 views

CVE-2025-9079 Admin RCE via prepackaged plugins by way of misconfigured imports directory

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS7.6AI score0.00599EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.6 views

PT-2025-38614

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.10.x through 10.10.1 Mattermost versions 10.9.x through 10.9.3 Mattermost versions prior to...

9.9CVSS7.6AI score0.02829EPSS
Exploits11References58
Metasploit
Metasploit
added 2025/09/16 6:53 p.m.1058 views

Obsidian Plugin Persistence

This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled NOT restricted mode, but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-11319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root...

8.5CVSS8AI score0.02743EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/08 12:29 a.m.8 views

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

8.1CVSS7.5AI score0.09319EPSS
Exploits7References1
NVD
NVD
added 2025/08/06 3:15 p.m.12 views

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

8.1CVSS0.09319EPSS
Exploits7References1
Vulnrichment
Vulnrichment
added 2025/08/06 2:10 p.m.2 views

CVE-2025-8616 Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0...

6.1CVSS6.8AI score0.00311EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/08/06 12:0 a.m.4 views

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

8.1CVSS6.5AI score0.09319EPSS
Exploits7References5
Vulnrichment
Vulnrichment
added 2025/08/06 12:0 a.m.4 views

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

7.6AI score0.09319EPSS
Exploits7References1
Cvelist
Cvelist
added 2025/08/06 12:0 a.m.12 views

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

0.09319EPSS
Exploits7References1
OSV
OSV
added 2025/08/06 12:0 a.m.11 views

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

8.1CVSS8.2AI score0.09319EPSS
Exploits7References3
CVE
CVE
added 2025/08/06 12:0 a.m.39 views

CVE-2025-50286

Grav CMS v1.7.48 is affected by an authenticated RCE via the Admin Panel’s /admin/tools/direct-install feature. An authenticated administrator can upload a malicious plugin (e.g., ZIP with arbitrary PHP) that is extracted and loaded, enabling arbitrary PHP code execution and a reverse shell. The ...

8.1CVSS7.6AI score0.09319EPSS
Exploits7References1Affected Software1
Cvelist
Cvelist
added 2025/07/22 12:0 a.m.10 views

CVE-2025-51459

File Upload vulnerability in agent.hub.controller.refreshplugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with pluginhub.sanitizefilename and pluginsutil.scanplugi...

0.00349EPSS
Exploits1References2
CVE
CVE
added 2025/07/22 12:0 a.m.21 views

CVE-2025-51459

CVE-2025-51459 concerns DB-GPT 0.7.0 where a file-upload vulnerability in agent.hub.controller.refresh_plugins allows remote code execution via uploading a crafted plugin ZIP to /v1/personal/agent/upload. The root cause involves interaction with plugin_hub._sanitize_filename and plugins_util.scan...

6.5CVSS8.2AI score0.00349EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder