CVE ID :CVE-2026-41249 Published : June 4, 2026, 8:16 p.m. | 57 minutes ago Description :CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-41249 - CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

VERWANDTEARTIKEL

CVE-2023-5502 - On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication.

CVE-2024-27892 - On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).

[Medium] CVE-2026-42547 – IRIS is a web collaborative platform that helps incident responders share techni...

[High] CVE-2026-10871 – A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability af...

[Medium] CVE-2026-11322 – Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that all...

CVE-2026-10871 - Shibby Tomato Web UI rc start_6rd_tunnel os command injection