47 matches found
CVE-2026-41249
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow .github/workflows/static.yml uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: ${{ github.event.pull_request.head.re...
CVE-2026-41249 CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1, the GitHub Actions workflow .github/workflows/static.yml uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: ${{ github.event.pull_request.head.re...
GHSA-Q58J-G3F4-H26H CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration
Summary The GitHub Actions workflow .github/workflows/static.yml uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: ${{ github.event.pull_request.head.ref }}. Subsequently, it executes a script bin/console from this untrusted checkout. Thi...
PT-2026-40973
Name of the Vulnerable Software and Affected Versions CoreShop versions 5.0.1 through 5.1.0-beta.1 Description The GitHub Actions workflow located at .github/workflows/static.yml uses the `pull_request_target` trigger and checks out unverified code from the pull request head using the variable ref:...
Astra Linux – Vulnerability in grub2
The GRUB2 shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, thereby breaking the secure boot trust chain...
CVE-2025-47904
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update. This issue affects Time Provider 4100: before 2.5...
PT-2026-3865
Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.1 through 0.13.x Description vLLM is an inference and serving engine for large language models (LLMs). The software loads Hugging Face auto map dynamic modules during model resolution without verifying `trust_remote_code`. This...
CVE-2025-52655 HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.
Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics v6.6: loading third-party scripts without integrity checks or validation can allow external code to run in the application's context, risking data exposure...
EUVD-2019-11923
Malware in sbrugna...
EUVD-2022-33174
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-28735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The GRUB2 shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify version v0.10.1, which stems from an unverified password reset code that could lead to full account takeover...
The vulnerability of the UEFI loader in Howyar Reloader for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the UEFI loader in Howyar Reloader for Windows systems involves loading code without checking its integrity. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of AirPrint’s interface on the operating system for managing Synology Router Manager network devices allows a hacker to execute arbitrary code.
The vulnerability of AirPrint’s functionality in the operating system for managing network devices with Synology Router Manager is related to the loading of code without checking its integrity. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-41921 Download of Code Without Integrity Check in Kiloview P1/P2 devices
A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...
The vulnerability of the software for calculating the positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the loading of code without checking its integrity. This allows a perpetrator to execute arbitrary code.
The vulnerability of the software for calculating the positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the loading of code without checking its integrity. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
IO-1020 Micro ELD security vulnerability
The IOSiX IO-1020 Micro ELD is an electronic logging device from IOSiX USA. A security vulnerability exists in versions prior to IO-1020 Micro ELD 360 that originates from the ability to download source code or executable files from an adjacent location without sufficiently verifying the orig...
The vulnerability of the Apache Doris Backend storage and Frontend request processor lies in the fact that code is loaded without checking its integrity, allowing an attacker to execute arbitrary code.
The vulnerability of the Backend storage and Frontend request processor of Apache Doris lies in the fact that code is loaded without any checks for its integrity. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...