CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

167 matches found

NVD•added 2026/05/04 6:16 p.m.•3 views

CVE-2026-42796

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS0.00487EPSS

Exploits0References3

Positive Technologies•added 2026/05/04 12:0 a.m.•2 views

PT-2026-36887

Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...

9.8CVSS6.5AI score0.00487EPSS

Exploits0References14

SUSE CVE•added 2026/03/15 12:28 a.m.•0 views

SUSE CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS5.8AI score0.00023EPSS

Exploits0References3

Positive Technologies•added 2026/03/10 12:0 a.m.•0 views

PT-2026-24602

Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a victi...

8CVSS5.8AI score0.00023EPSS

Exploits0References5

EUVD•added 2026/03/05 12:10 a.m.•3 views

EUVD-2025-208275

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows...

7CVSS5.9AI score0.00023EPSS

Exploits0References7

Github Security Blog•added 2026/03/05 12:10 a.m.•8 views

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows

This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe,...

8CVSS6AI score0.00023EPSS

Exploits0References8Affected Software1

NVD•added 2026/03/04 5:16 p.m.•4 views

CVE-2025-15558

8CVSS0.00023EPSS

Exploits0References3

OSV•added 2026/03/04 5:16 p.m.•0 views

CVE-2025-15558

8CVSS5.8AI score

Exploits0References3

Cvelist•added 2026/03/04 4:14 p.m.•25 views

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

7CVSS0.00023EPSS

Exploits0References3

Vulnrichment•added 2026/03/04 4:14 p.m.•1 views

CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

7CVSS5.9AI score0.00023EPSS

Exploits0References3

RedhatCVE•added 2025/12/16 8:44 p.m.•2 views

CVE-2023-53892

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...

8.6CVSS8.6AI score0.01019EPSS

Exploits1References1

RedhatCVE•added 2025/12/16 8:44 p.m.•1 views

CVE-2023-53868

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

8.8CVSS8.8AI score0.00505EPSS

Exploits1References1

NVD•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-53892

8.6CVSS0.01019EPSS

Exploits1References3

OSV•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-53892

7.2CVSS8.6AI score

Exploits0References3

NVD•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-53868

8.8CVSS0.00505EPSS

Exploits1References3

OSV•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-53868

8.8CVSS8.7AI score

Exploits0References3

Cvelist•added 2025/12/15 8:28 p.m.•16 views

CVE-2023-53892 Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

8.6CVSS0.01019EPSS

Exploits1References3

Vulnrichment•added 2025/12/15 8:28 p.m.•2 views

CVE-2023-53892 Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

8.6CVSS8.3AI score0.01019EPSS

Exploits1References3

CVE•added 2025/12/15 8:28 p.m.•4 views

CVE-2023-53892

Summary: CVE-2023-53892 affects Blackcat CMS 1.4 with a remote code execution flaw in the jquery plugin manager. Authenticated admins can upload ZIP packages containing a PHP shell and trigger arbitrary system commands by accessing the uploaded plugin file with a code parameter. Affected software...

8.6CVSS8.3AI score0.01019EPSS

Exploits1References3Affected Software1

CVE•added 2025/12/15 8:22 p.m.•4 views

CVE-2023-53868

CVE-2023-53868 affects Coppermine Gallery 1.6.25. The Red Hat and other connected sources confirm a remote code execution vulnerability in the plugin manager that lets an authenticated user upload a zipped PHP file containing system commands to the plugin directory and then execute code by access...

8.8CVSS8.4AI score0.00505EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by