
155 matches found

NVD
added 4 days ago, 8 views

CVE-2026-0097

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8, EPSS 0.00012
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:17 a.m., 5 views

CVE-2021-0097

Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access...

CVSS 6.5, AI score 7, EPSS 0.00261
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:03 a.m., 7 views

CVE-2019-0097

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access...

CVSS 4.9, AI score 6.6, EPSS 0.00297
Exploits: 0, References: 1

Circl
added 2025/03/27 7:26 p.m., 0 views

CVE-2023-0097

creationtimestamp | type | source
---|---|---
2025-03-27 19:26:43+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9172...

CVSS 5.4, AI score 5.5, EPSS 0.00198
Exploits: 2, References: 1

Circl
added 2025/02/03 7:33 p.m., 0 views

CVE-2025-0097

creationtimestamp | type | source
---|---|---
2025-02-03 19:33:09+00:00 | seen | https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c...

AI score 5.8
Exploits: 0, References: 1

Circl
added 2024/01/09 5:17 p.m., 0 views

RHSA-2024:0097

creationtimestamp | type | source
---|---|---
2024-01-09 17:17:24+00:00 | seen | https://t.me/ctinow/165138...

AI score 4.8
Exploits: 0, References: 1

Photon
added 2023/09/21 12:00 a.m., 34 views

Important Photon OS Security Update - PHSA-2023-5.0-0097

Updates of 'openldap', 'linux-secure', 'linux-rt', 'libwebp' packages of Photon OS have been released...

CVSS 5.5, AI score 6.4, EPSS 0.00014
Exploits: 0

F5 Networks
added 2023/02/21 7:38 p.m., 44 views

K17025: BIND DNSSEC vulnerability CVE-2010-0097

Security Advisory Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records (CVE-2010-0097). Impact: Remote attackers may be able to add the Authenticated Data (AD) flag to a forg...

CVSS 4.3, AI score 7.6, EPSS 0.02817
Exploits: 0, Affected Software: 1

OSV
added 2023/01/30 9:15 p.m., 1 view

CVE-2023-0097

The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVSS 5.4, AI score 6.1
Exploits: 0, References: 1

Vulnrichment
added 2023/01/30 8:31 p.m., 6 views

CVE-2023-0097 Post Grid, Post Carousel, & List Category Posts < 2.4.19 - Contributor+ Stored XSS

The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

AI score 5.3, EPSS 0.00198
Exploits: 2, References: 1

CVE
added 2023/01/30 8:31 p.m., 46 views

CVE-2023-0097

CVE-2023-0097 concerns the WordPress plugin Post Grid, Post Carousel, & List Category Posts (versions prior to 2.4.19). The issue arises because the plugin does not validate or escape certain block options before outputting them when the block is embedded, enabling Stored Cross-Site Scripting for...

CVSS 5.4, AI score 5.3, EPSS 0.00198
Exploits: 2, References: 1, Affected Software: 1

Patchstack
added 2023/01/06 12:00 a.m., 6 views

WordPress Post Grid, Post Carousel, & List Category Posts – by Smart Post Show Plugin < 2.4.19 is vulnerable to Cross Site Scripting (XSS)

Software: Post Grid, Post Carousel, & List Category Posts – by Smart Post Show; Type: Plugin; Vulnerable versions: < 2.4.19; Fixed in: 2.4.19; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0097; Patch priority: Medium; CVSS severity: Medium (6.5); Developer Claim...

CVSS 5.4, AI score 5.9, EPSS 0.00198
Exploits: 2, References: 3, Affected Software: 1

vulnersOsv
added 2022/05/13 1:01 a.m., 4 views

com.aerse:gcless (=11.2), com.aerse:spring-security-taglib (=1.1) +344 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.2.0.RELEASE <=3.2.1.RELEASE)

org.springframework.security:spring-security-core MAVEN version =3.2.0.RELEASE, =3.3.2, =1.0.6, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =1.8.2, =1.8.3 and more Source cves: CVE-2014-0097 Source advisory: OSV:GHSA-GV9V-C375-HVMG...

CVSS 7.5, AI score 7.1, EPSS 0.00234
Exploits: 0

vulnersOsv
added 2022/05/13 1:01 a.m., 2 views

be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3), com.arsframework:ars-module-cms (>=1.0.0 <=1.1.4) +379 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.1.0.RELEASE <=3.1.4.RELEASE)

org.springframework.security:spring-security-core MAVEN version =3.1.0.RELEASE, =0.3.3, =1.0.0, =1.0.0, =1.0.0, =1.2.1, =1.2.1, =1.3.6, =1.0.0-alpha2, =1.5, =1.0.0, =3.0.4, =3.0.5 - com.github.ptomli.bedrock:bedrock-core =1.0.0 - com.github.yongjacky:jee.borneo.miri =1.1.6 -...

CVSS 7.5, AI score 7.1, EPSS 0.00234
Exploits: 0

Hive Pro Threat Advisories
added 2022/04/18 1:31 p.m., 61 views

Old Zimbra vulnerability used to target Ukrainian Government Organizations

THREAT LEVEL: Amber. For a detailed advisory, download the PDF file here. The Ukrainian Computer Emergency Response Team (CERT-UA) has issued an alert about a campaign targeting Ukrainian government entities that involves an exploit for an XSS vulnerability in Zimbra Collaboration Suite. The attacker...

CVSS 4.3, AI score 0.8, EPSS 0.77015
Exploits: 2

The Hacker News
added 2022/04/18 6:00 a.m., 86 views

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, th...

CVSS 6.1, AI score 0.1, EPSS 0.77015
Exploits: 2

OpenVAS
added 2022/03/23 12:00 a.m., 20 views

Fedora: Security Advisory for chromium (FEDORA-2022-d1a15f9cdb)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.6, AI score 7.6, EPSS 0.00779
Exploits: 21, References: 2

NVD
added 2022/02/12 12:15 a.m., 14 views

CVE-2022-0097

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow extension to escape the sandbox via a crafted HTML page...

CVSS 9.6, EPSS 0.00276
Exploits: 0, References: 5

OSV
added 2022/02/12 12:15 a.m., 4 views

CVE-2022-0097

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow extension to escape the sandbox via a crafted HTML page...

CVSS 9.6, AI score 8.9
Exploits: 0, References: 5

Cvelist
added 2022/02/11 11:35 p.m., 17 views

CVE-2022-0097

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow extension to escape the sandbox via a crafted HTML page...

AI score 9, EPSS 0.00276
Exploits: 0, References: 5