126 matches found
CVE-2026-0674

creationtimestamp | type | source
---|---|---
2026-01-08 10:49:42+00:00 | seen | https://gist.github.com/Darkcrai86/a5dbd7ed932484b25cd9fc0ffcfb7658
2026-01-08 12:55:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbvzppce6o2e...

CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713,...
CVE-2013-0674
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter...
CVE-2012-0674
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site...
CVE-2025-0674

creationtimestamp | type | source
---|---|---
2025-02-04 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03
2025-02-06 15:21:39+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113957620896581550
2025-02-06 23:48:49+00:00 | seen | ...

Oracle Siebel CRM (April 2016 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2016 CPU advisory. - Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM subcomponent: UIF Open UI. Supported versions that are affected are 8.1.1...
Photon OS 4.0: Curl PHSA-2024-4.0-0623
An update of the curl package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0623. The text itself is copyright (C) VMware, Inc...
Backdoor.Win32.Beastdoor.oq MVID-2024-0674 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx (c) 2024
Original source: https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Beastdoor.oq
Vulnerability: Unauthenticated Remote Command Execution...
CVE-2024-0674 Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process...
CVE-2023-0674

creationtimestamp | type | source
---|---|---
2023-02-04 12:21:20+00:00 | seen | https://t.me/cibsecurity/57517...

CVE-2023-0674
CVE-2023-0674 affects XXL-JOB 2.3.1. The issue concerns the /user/updatePwd endpoint in the New Password Handler, where a cross-site request forgery (CSRF) can be triggered due to insufficient validation. The vulnerability can be exploited remotely and, per sources, the exploit has been disclosed...
CVE-2023-0674 XXL-JOB New Password updatePwd cross-site request forgery
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely...
Security Updates for Microsoft Office Products C2R (February 2019)
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerabilit...
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767...
CVE-2022-0674
CVE-2022-0674 affects the Kunze Law WordPress plugin prior to version 2.1, where the plugin does not escape the E-Mail Error "From" Address setting. This enables stored XSS by high-privilege users (e.g., admins) when unfiltered_html is disallowed. Evidence from multiple sources (PatchStack listin...
CVE-2022-0674 Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-0674

creationtimestamp | type | source
---|---|---
2021-12-17 20:37:05+00:00 | seen | https://t.me/cibsecurity/34214
2022-04-21 13:12:06+00:00 | published-proof-of-concept | https://t.me/cKure/9397
2022-04-22 11:53:08+00:00 | seen | https://t.me/truesecator/2876
2022-04-27 00:01:18+00:00 | seen | ...

CVE-2021-0674
CVE-2021-0674 affects the ALAC decoder used in MediaTek and related chipsets. The issue is an out-of-bounds read caused by an incorrect bounds check in the ALAC decoder, leading to local information disclosure without user interaction. Affected state: local access, no privileges required. ...