138 matches found
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : librsvg (SUSE-SU-2026:0243-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0243-1 advisory. Update to version 2.57.4 - bsc1243867: - CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels...
AlmaLinux 8 : libsoup (ALSA-2026:0421)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0421 advisory. libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 Tenable has extracted the preceding...
CVE-2026-0421
creationtimestamp | type | source
---|---|---
2026-01-15 00:29:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mcgdctd2lp2e...
CVE-2026-0421
A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode...
RockyLinux 8 : libsoup (RLSA-2026:0421)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0421 advisory. libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 Tenable has extracted the preceding...
Oracle Linux 8 : libsoup (ELSA-2026-0421)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0421 advisory. 2.62.3-11 - Backport patch for CVE-2025-14523 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
CVE-2022-0421
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...
EUVD-2026-0421
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2011-2488
Malware in sbrugna...
CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
CVE-2012-0421
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file...
Linux Distros Unpatched Vulnerability : CVE-2011-0421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might...
CVE-2024-0421
creationtimestamp | type | source
---|---|---
2024-02-12 17:22:11+00:00 | seen | https://t.me/ctinow/183283...
CVE-2024-0421
The CVE-2024-0421 entry concerns the WordPress MapPress Maps plugin prior to 2.88.16, where an IDOR allows unauthenticated users to read private and draft posts via an AJAX action that should only expose public maps. Multiple connected sources confirm the flaw and its public-facing impact, includ...
CVE-2024-0421 MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...
Moderate: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
RHEL 8 : expat (RHSA-2024:0421)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0421 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: use-after free caused by overeager destruction of a shared DTD in...
CVE-2023-0421
CVE-2023-0421 refers to a reflected XSS in the Cloud Manager WordPress plugin, affecting versions <= 1.0. The issue arises because the query parameter with the value of the field named (in reports) “ricerca” is not sanitized/escaped before being output in an admin panel, which allows an unauth...
CVE-2023-0421 Cloud Manager <= 1.0 - Reflected XSS
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...
WordPress Cloud Manager Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Cloud Manager; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0421; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: e0814c8cc2bc; Credits: Shreya Pohekar; Required...