
102 matches found

RedhatCVE
added 2026/01/08 3:15 a.m., 4 views

CVE-2026-0649

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

5.8 CVSS, 6.6 AI score, 0.00064 EPSS
Exploits 0, References 1

Circl
added 2026/01/07 3:11 a.m., 2 views

CVE-2026-0649

creationtimestamp| type| source ---|---|--- 2026-01-07 03:11:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbsinvln3d2e...

5.8 CVSS, 5.8 AI score, 0.00064 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/01/07 12:32 a.m., 2 views

CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...

5.8 CVSS, 6.4 AI score, 0.00064 EPSS
Exploits 0, References 4

EUVD
added 2026/01/02 6:30 p.m., 1 view

EUVD-2026-0649

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5 AI score
Exploits 0, References 1

Tenable Nessus
added 2025/08/21 12:00 a.m., 3 views

TencentOS Server 4: suricata (TSSA-2025:0649)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0649 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 5.6 AI score, 0.00416 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/23 7:26 a.m., 2 views

CVE-2024-0649

A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack...

9.8 CVSS, 9.6 AI score, 0.00062 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:01 p.m., 6 views

CVE-2021-0649

In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

7.8 CVSS, 6.7 AI score, 0.0001 EPSS
Exploits 0, References 1

OSV
added 2025/05/06 9:16 p.m., 7 views

CVE-2025-0649

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

7.5 CVSS, 6.8 AI score
Exploits 0, References 1

Vulnrichment
added 2025/05/06 8:20 p.m., 18 views

CVE-2025-0649 Stack Exhaustion In Tensorflow Serving

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

8.9 CVSS, 6.9 AI score, 0.00141 EPSS
Exploits 0, References 1

CVE
added 2025/05/06 8:20 p.m., 64 views

CVE-2025-0649

CVE-2025-0649 affects Google’s TensorFlow Serving up to version 2.18.0, where an incorrect JSON input stringification can lead to potentially unbounded recursion and a server crash. Root cause: improper handling of JSON inputs in the serving component. Impact: high availability risk (server crash...

8.9 CVSS, 6.6 AI score, 0.00141 EPSS
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2025/03/04 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-0649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and...

5.5 CVSS, 6.6 AI score, 0.00214 EPSS
Exploits 0, References 3

Packet Storm
added 2024/09/01 12:00 a.m., 582 views

Microsoft IIS HTTP Internal IP Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS HTTP Internal IP Disclosure', 'Description' = %q Collect any leaked internal IPs by requesting commonly redirected locations from...

2.6 CVSS, 7 AI score, 0.65658 EPSS
Exploits 4

Photon
added 2024/07/10 12:00 a.m., 30 views

Important Photon OS Security Update - PHSA-2024-4.0-0649

Updates of 'linux-aws', 'linux' packages of Photon OS have been released...

7.4 CVSS, 6.7 AI score, 0.00015 EPSS
Exploits 0

Tenable Nessus
added 2024/04/24 12:00 a.m., 35 views

RHEL 6 / 7 : rh-mariadb100-mariadb (RHSA-2016:1132)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1132 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaD...

9.8 CVSS, 7.8 AI score, 0.2214 EPSS
Exploits 12, References 119

Circl
added 2024/01/18 12:31 a.m., 0 views

CVE-2024-0649

creationtimestamp| type| source ---|---|--- 2024-01-18 00:31:17+00:00| seen| https://t.me/ctinow/169520 2024-02-10 18:41:46+00:00| seen| https://t.me/ctinow/182624...

9.8 CVSS, 6.9 AI score, 0.00062 EPSS
Exploits 0, References 2

Cvelist
added 2024/01/17 11:00 p.m., 13 views

CVE-2024-0649 ZhiHuiYun Search ImageController.php download_network_image server-side request forgery

A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack...

6.5 CVSS, 9.8 AI score, 0.00062 EPSS
Exploits 0, References 3

Photon
added 2023/09/14 12:00 a.m., 38 views

Important Photon OS Security Update - PHSA-2023-3.0-0649

Updates of 'mozjs60', 'c-ares' packages of Photon OS have been released...

7.5 CVSS, 6.7 AI score, 0.00343 EPSS
Exploits 0

NVD
added 2023/02/06 1:15 p.m., 22 views

CVE-2022-45722

ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability...

6.1 CVSS, 6.1 AI score, 0.00338 EPSS
Exploits 0, References 2

CVE
added 2023/02/06 12:00 a.m., 89 views

CVE-2022-45722

CVE-2022-45722 affects ezEIP v5.3.0(0649), which is reported to contain a cross-site scripting (XSS) vulnerability. The NVD entry lists CVSS 3.1 metrics: AV:N, AC:L, PR:N, UI:R, S:C, C:L, I:L, A:N (base score 6.1, Medium). Public exploitation details are not provided in the available documents (E...

6.1 CVSS, 6 AI score, 0.00338 EPSS
Exploits 0, References 2, Affected Software 1

Circl
added 2023/02/02 6:44 p.m., 3 views

CVE-2023-0649

creationtimestamp| type| source ---|---|--- 2023-02-02 18:44:54+00:00| seen| https://t.me/cibsecurity/57401 2025-03-26 14:25:22+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8853...

7.5 CVSS, 6.5 AI score, 0.06259 EPSS
Exploits 1, References 2