129 matches found
CVE-2026-0658
The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting bookings via CSRF attacks...
CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2025-0658
creationtimestamp | type | source
---|---|---
2025-11-27 01:33:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m6la26dwqw2k...
EUVD-2007-3155
Malware in sbrugna...
CVE-2021-0658
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107...
CVE-2020-0658
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'...
CVE-2013-0658
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request...
Important Photon OS Security Update - PHSA-2024-4.0-0658
Updates of 'curl' packages of Photon OS have been released...
CVE-2024-0658
creationtimestamp | type | source
---|---|---
2024-03-03 10:16:38+00:00 | seen | https://t.me/ctinow/198642...
CVE-2024-0658
The CVE-2024-0658 entry concerns the WordPress Insert PHP Code Snippet plugin. A Stored Cross-Site Scripting (XSS) flaw in versions up to 1.3.4 arises from insufficient input sanitization and output escaping on the insert-php-code-snippet-manage page, allowing an authenticated administrator to in...
WordPress Insert PHP Code Snippet Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Insert PHP Code Snippet; Type: Plugin; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0658; Patch priority: Low; CVSS severity: Low (5.9); PSID: af77943c0a22; Credits: Felipe Restrepo...
Cisco NX-OS Software DHCP Options Command Injection (CVE-2015-0658)
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. This...
CVE-2023-0658
A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The...
CVE-2023-0658
CVE-2023-0658 affects Multilaser RE057 and RE170 (versions 2.1/2.2). The issue resides in the Backup File Handler and involves an unknown portion of the file /param.file.tgz, causing information disclosure. The vulnerability is described as remote-exploitable and classified as critical across mul...
Backdoor.Win32.Oblivion.01.a MVID-2022-0658 Insecure Transit
Discovery / credits: Malvuln - John Page (aka hyp3rlinx) (c) 2022; Original source: https://malvuln.com/advisory/aef85cf0d521eaa6aade11f95ea07ebe.txt; Contact: [email protected]; Media: twitter.com/malvuln; Threat: Backdoor.Win32.Oblivion.01.a; Vulnerability: Insecure Transit Password Disclosure...
GHSA-WWFW-M54G-GV72 ChakraCore information disclosure vulnerability
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object...
CVE-2022-0658 CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection...
CVE-2022-0658
CVE-2022-0658 affects the CommonsBooking WordPress plugin prior to version 2.6.8. The vulnerability arises because the plugin does not sanitize/escape the location parameter of the calendar_data AJAX action, which is accessible to unauthenticated users, before building dynamic SQL queries. This l...
AlmaLinux 8 : cyrus-sasl (ALSA-2022:0658)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0658 advisory. - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. (CVE-2022-24407) Note that Ness...
Oracle Linux 8 : cyrus-sasl (ELSA-2022-0658)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0658 advisory. - Fix for CVE-2022-24407 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...