83 matches found
Microweber <1.2.11 - Information Disclosure
Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from loadmodule:commentssearch=. An attacker can possibly obtain sensitive information, modify data, and/or execute...
CVE-2026-0660
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-04 18:15:29+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3me2i7ayb2y2a... |
CVE-2026-0660
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2021-0660
In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145...
CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11...
EUVD-2026-0660
An SQL injection vulnerability has been reported to affect MARS Multi-Application Recovery Service. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: MARS Multi-Application Recovery...
TencentOS Server 4: spdlog (TSSA-2025:0660)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0660 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: podman (TSSA-2024:0660)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0660 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2023-0660
The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2025-0660
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
CVE-2025-0660
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-10 23:13:34+00:00 | seen | https://t.me/cvedetector/19982... |
CVE-2025-0660
Concrete CMS is affected by a stored XSS in the Folder Function (Add Folder) for versions 9.0.0–9.3.9 due to insufficient input sanitization. An admin can inject XSS payloads into folder names, potentially executing in users’ browsers. The issue is associated with CVSS v4.0/4.0 vector (base 4.8, ...
CVE-2025-0660 Stored XSS in Folder Function by Rogue Admin
Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...
RHSA-2024:0660
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-07 16:16:53+00:00 | seen | https://t.me/ctinow/180788... |
CVE-2024-0660
The CVE-2024-0660 entry concerns Formidable Forms for WordPress with CSRF in the update_settings path. Exact root cause: missing or incorrect nonce validation allows unauthenticated attackers to submit forged requests that alter form settings and inject malicious JavaScript, by prompting a site a...
WordPress Formidable Forms Plugin <= 6.7.2 is vulnerable to Cross Site Request Forgery (CSRF)
| Field | Value |
|---|---|
| Software | Formidable Forms |
| Type | Plugin |
| Vulnerable versions | <= 6.7.2 |
| Fixed in | 6.8 |
| OWASP Top 10 | A5: Broken Access Control |
| Classification | Cross Site Request Forgery (CSRF) |
| CVE | CVE-2024-0660 |
| Patch priority | Low |
| CVSS severity | Low (4.3) |
| PSID | 7a7ac0638cbc |
| Credits | Webbernaut |
| Required... | |
CVE-2023-0660
| creationtimestamp | type | source |
|---|---|---|
| 2023-03-27 20:49:59+00:00 | seen | https://t.me/cibsecurity/60801 |
| 2025-02-19 22:21:30+00:00 | seen | Telegram/UxZlDcyRQjVq4OAKtjLWsTeB1Dr710Zks3u-uJRCQiMy62j... |