Lucene search
K

46 matches found

CVE
CVE
added 2026/03/23 8:28 p.m.15 views

CVE-2026-23483

Blinko CVE-2026-23483 affects the Blinko AI-powered card note-taking project. Versions 1.8.3 and earlier suffer a path traversal in the plugin file server endpoint: it concatenates paths with join() without validating that the final path remains inside the plugins directory. This could allow an a...

6.9CVSS5.8AI score0.00771EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

xiaoheiFS 安全漏洞

xiaoheiFS is a self-hosted cloud service system developed by Danvei’s individual developers. Versions of xiaoheiFS prior to 0.3.15 contain security vulnerabilities. These vulnerabilities stem from the AdminPaymentPluginUpload endpoint, which allows administrators to upload arbitrary files to the...

7.2CVSS6.3AI score0.00341EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.2 views

Docker Desktop < 4.64.0 CLI Plugin Directory Privilege Escalation (CVE-2025-15558)

The version of Docker Desktop for Windows installed on the remote host is 4.34.x 4.64.0. It is, therefore, affected by a privilege escalation vulnerability. - Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A...

8CVSS7.2AI score0.00472EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2026/03/06 12:0 a.m.4 views

Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...

7.8CVSS6.2AI score0.00472EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 9:15 a.m.3 views

CVE-2025-64243

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through = 2.5.6...

4.3CVSS0.00185EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/19 9:31 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of the import directory path configuration. An attacker can execute arbitrary code by uploading a malicious plugin to the prepackaged plugins directory. This is only exploitable if the attacke...

8CVSS7.7AI score0.00599EPSS
Exploits0References2
NVD
NVD
added 2025/09/19 8:15 p.m.24 views

CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

8CVSS0.00599EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.6 views

PT-2025-38614

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.10.x through 10.10.1 Mattermost versions 10.9.x through 10.9.3 Mattermost versions prior to...

9.9CVSS7.6AI score0.02829EPSS
Exploits11References58
RedhatCVE
RedhatCVE
added 2025/08/14 4:54 p.m.5 views

CVE-2025-55010

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...

9.1CVSS8.2AI score0.0087EPSS
Exploits1References1
OSV
OSV
added 2025/08/12 3:57 p.m.7 views

CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...

9.1CVSS8AI score0.0087EPSS
Exploits1References5
OSV
OSV
added 2025/04/17 3:15 a.m.1 views

DEBIAN-CVE-2025-43715

Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...

8.1CVSS5.2AI score0.00166EPSS
Exploits0References1
OSV
OSV
added 2025/04/17 3:15 a.m.16 views

CVE-2025-43715

Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...

6.7AI score
Exploits0References2
OSV
OSV
added 2025/04/17 3:15 a.m.1 views

UBUNTU-CVE-2025-43715

Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...

8.1CVSS5.8AI score0.00166EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/17 12:0 a.m.37 views

CVE-2025-43715

Nullsoft Scriptable Install System NSIS before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by winning a race condition...

8.1CVSS0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.9 views

PT-2025-16929

Name of the Vulnerable Software and Affected Versions Nullsoft Scriptable Install System NSIS versions prior to 3.11 Description The issue allows local users to escalate privileges to SYSTEM during an installation. This occurs because the temporary plugins directory is created under %WINDIR%temp...

8.1CVSS5.9AI score0.00166EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.9 views

PT-2024-23216 · Invision Power Services · Invision Community

Name of the Vulnerable Software and Affected Versions: Invision Community versions prior to 4.7.17 Description: The issue allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPScoremodulesadmineditor toolbar::addPlugin method. This method handles uploaded ZIP...

7.2CVSS8AI score0.00701EPSS
Exploits2References8
OSV
OSV
added 2024/03/06 11:4 a.m.13 views

BIT-PHPLIST-2020-22249

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the...

9.8CVSS9.9AI score0.0289EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.5 views

SUSE CVE-2009-3229

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service backend shutdown by "re-LOAD-ing" libraries from a certain plugins directory...

4CVSS6.7AI score0.02613EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2021/11/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

7.5CVSS7.2AI score0.00811EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2021/07/06 12:0 a.m.3 views

PT-2021-3849 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phplist version 3.5.1 Description: The issue is related to a lack of restrictions on file uploads in the phplist application, which can be exploited by uploading a malicious plugin containing PHP files with certain extensions, such as PHP,...

9.8CVSS9.8AI score0.0289EPSS
Exploits1References9
Rows per page
Query Builder