80 matches found

RedhatCVE
added 2026/01/09 11:15 a.m. | 8 views

CVE-2021-0526

In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID:...

7.8 CVSS | 7.2 AI score | 0.00118 EPSS
Exploits: 0 | References: 1

Circl
added 2025/02/11 10:18 a.m. | 6 views

CVE-2025-0526

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-11 10:18:08+00:00 | seen | https://infosec.exchange/users/cve/statuses/113984738964735848 |
| 2025-02-11 11:15:59+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvjtkgwip2q |
| 2025-02-11 13:10:29+00:00 | seen |...

5.4 CVSS | 5.8 AI score | 0.00323 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/02/11 10:9 a.m. | 9 views

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

2.3 CVSS | 0.00323 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/09/11 12:0 a.m. | 20 views

Photon OS 4.0: Vim PHSA-2024-4.0-0689

An update of the vim package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0689. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description scriptid20696...

5.5 CVSS | 5.1 AI score | 0.00307 EPSS
Exploits: 0 | References: 4

Circl
added 2024/03/25 11:49 a.m. | 4 views

CVE-2014-0526

| creationtimestamp | type | source |
|---|---|---|
| 2024-03-25 11:49:23+00:00 | seen | https://t.me/ETHICALHACKERSCOMMUNITY2/3889 |
| 2024-03-25 14:38:09+00:00 | seen | https://t.me/tengkorakcybercrewz/810 |
| 2024-03-25 14:38:09+00:00 | seen | Telegram/HKj6TR4hMohrGsEUcNFDijNGdim3MCZhggfzha3EYtXw |
| 2024-03-25...

10 CVSS | 7.3 AI score | 0.05381 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2024/02/20 12:0 a.m. | 24 views

SUSE SLES15: libopenvswitch-2_13-0 / libovn-20_03-0 / openvswitch / etc (SUSE-SU-2024:0526-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0526-1 advisory. - CVE-2024-22563: Fixed memory leak via the function xmalloc in /lib/util.c bsc1219059. Tenable has extracted the preceding description bloc...

7.5 CVSS | 7.1 AI score | 0.00568 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2024/01/15 12:0 a.m. | 4 views

CVE-2024-0526 CXBSoft Url-shorting HTTP POST Request short_to_long.php sql injection

A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/shorttolong.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been...

5.5 CVSS | 7.7 AI score | 0.00607 EPSS
Exploits: 0 | References: 3

OSV
added 2023/05/08 2:15 p.m. | 2 views

CVE-2023-0526

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS | 7.3 AI score | 0.00448 EPSS
Exploits: 2 | References: 1

Cvelist
added 2023/05/08 1:58 p.m. | 18 views

CVE-2023-0526 Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5 AI score | 0.00448 EPSS
Exploits: 2 | References: 1

Vulnrichment
added 2023/05/08 1:58 p.m. | 4 views

CVE-2023-0526 Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3 AI score | 0.00448 EPSS
Exploits: 2 | References: 1

CVE
added 2023/05/08 1:58 p.m. | 66 views

CVE-2023-0526

The CVE-2023-0526 entry applies to the WordPress plugin Post Shortcode, affecting versions up to 2.0.9. The root cause is that the plugin does not validate and escape certain shortcode attributes before output, enabling Stored Cross‑Site Scripting by users with the contributor role or higher when...

5.4 CVSS | 5.5 AI score | 0.00448 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2023/04/25 12:0 a.m. | 10 views

WordPress Post Shortcode Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: Post Shortcode; Type: Plugin; Vulnerable versions: = 2.0.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-0526; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 623dba0711b0; Credits: István Márton; Require...

5.4 CVSS | 5.9 AI score | 0.00448 EPSS
Exploits: 2 | References: 2 | Affected Software: 1

Photon
added 2023/02/03 12:0 a.m. | 33 views

Critical Photon OS Security Update - PHSA-2023-3.0-0526

Updates of 'git', 'mariadb' packages of Photon OS have been released...

6.5 CVSS | 5.8 AI score | 0.01486 EPSS
Exploits: 0

RedHat Linux
added 2023/01/30 2:44 p.m. | 53 views

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

7.8 CVSS | 6.7 AI score | 0.00294 EPSS
Exploits: 0 | References: 3

Packet Storm
added 2022/03/28 12:0 a.m. | 250 views

Backdoor.Win32.Cafeini.b Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Family: Cafeini Type: PE32 MD5:...

7.4 AI score
Exploits: 0

OpenVAS
added 2022/02/22 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2022:0526-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.7 AI score | 0.00948 EPSS
Exploits: 0 | References: 3

Circl
added 2022/02/09 7:12 a.m. | 2 views

CVE-2022-0526

| creationtimestamp | type | source |
|---|---|---|
| 2022-02-09 07:12:28+00:00 | seen | https://t.me/cibsecurity/37043...

7.3 CVSS | 6.6 AI score | 0.00843 EPSS
Exploits: 1 | References: 1

Cvelist
added 2022/02/09 4:15 a.m. | 35 views

CVE-2022-0526 Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0...

7.3 CVSS | 6.2 AI score | 0.00843 EPSS
Exploits: 1 | References: 2

OSV
added 2022/02/09 4:15 a.m. | 19 views

CVE-2022-0526 Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0...

7.3 CVSS | 7.3 AI score | 0.00843 EPSS
Exploits: 1 | References: 4

CVE
added 2022/02/09 4:15 a.m. | 98 views

CVE-2022-0526

A stored XSS in chatwoot/chatwoot prior to version 2.2.0. The vulnerability stems from insufficient validation of client-side data by the web application, enabling injection of arbitrary JavaScript via user-controlled fields (e.g., custom_attributes). Impact is client-side script execution in aff...

7.3 CVSS | 6.2 AI score | 0.00843 EPSS
Exploits: 1 | References: 2 | Affected Software: 1