Lucene search
K

84 matches found

EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43534

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS6.2AI score
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS0.00187EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-4275

The Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to the use of 'returntrue' as the permissioncallback for the /installplugin and /activateplugin REST API endpoint...

8.8CVSS5.9AI score0.00187EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.29 views

CVE-2026-56700 Grav - Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...

9.8CVSS0.01683EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/27 11:40 p.m.125 views

poc-ccweb-unauth-rce

CVE — pqhaz3925/ccweb Unauthenticated RCE via Claude Code Cont...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:0 p.m.7 views

CVE-2026-44641

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2026/05/14 12:0 a.m.10 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/10 3:33 p.m.7 views

Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install

Helm is a package manager for Charts for Kubernetes. In Helm versions =4.0.0 and =4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. Impact The bug allows plugin authors to omit provenance signing data from plugins, bypassing plugin signature...

8.4CVSS6.1AI score0.00178EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/10 3:33 p.m.5 views

GHSA-Q5JF-9VFQ-H4H7 Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install

Helm is a package manager for Charts for Kubernetes. In Helm versions =4.0.0 and =4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. Impact The bug allows plugin authors to omit provenance signing data from plugins, bypassing plugin signature...

8.4CVSS6.1AI score0.00178EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 7:27 p.m.15 views

CVE-2026-35479

CVE-2026-35479 affects InvenTree prior to versions 1.2.7 and 1.3.0, where staff users with staff access could install plugins via the API without requiring a superuser account. This bypasses the intended permission model and could enable installation of arbitrary, potentially harmful plugins. The...

6.6CVSS6AI score0.00216EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.8 views

SUSE CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/31 11:26 p.m.7 views

CVE-2026-33997

A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during docker plugin install. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 3:15 a.m.2 views

DEBIAN-CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.1CVSS5.2AI score0.00387EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 3:15 a.m.7 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS0.00387EPSS
Exploits0References8
OSV
OSV
added 2026/03/31 3:15 a.m.30 views

UBUNTU-CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References4
OSV
OSV
added 2026/03/31 1:36 a.m.3 views

CVE-2026-33997 Moby: Off-by-one error in plugin privilege validation

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

6.8CVSS5.7AI score0.00387EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/03/31 1:36 a.m.5 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.2AI score0.00387EPSS
Exploits0
CVE
CVE
added 2026/03/31 1:36 a.m.42 views

CVE-2026-33997

CVE-2026-33997 affects Moby (docker) prior to 29.3.1. A daemon privilege-validation check is flawed, potentially allowing a privilege set that differs from the user-approved one to be accepted during docker plugin installation. Plugins requesting exactly one privilege are also affected because th...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:36 a.m.4 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder