CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32111
https://notcve.org/view.php?id=CVE-2025-32111
04 Apr 2025 — The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout. La imagen de Docker de acme.sh anterior a 40b6db6 se basa en un archivo .github/workflows/dockerhub.yml que carece de "persist-credentials: false" para acciones/pago. • https://github.com/acmesh-official/acme.sh/commit/40b6db6a2715628aa977ed1853fe5256704010ae • CWE-260: Password in Configuration File •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-38198
https://notcve.org/view.php?id=CVE-2023-38198
13 Jul 2023 — acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. • http://www.openwall.com/lists/oss-security/2023/07/13/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •