CVE-2026-0687 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.91-0.b14.AXS4 (AXSA:2016-213:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-213:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-0686 RESERVED This candidate has been reserved by an organization ...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.91-0.b14.el7 (AXSA:2016-215:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-215:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-0686 RESERVED This candidate has been reserved by an organization ...

CVE-2021-0687

In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Androi...

Photon OS 5.0: Frr PHSA-2025-5.0-0687

An update of the frr package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0687. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid27694...

Advisory ROSA-SA-2025-3030

software: glibc 2.33 AXIS: ROSA-CHROME unaffected versions = glibc-2.33-11.git5f08d1.3 affected versions glibc-2.33-11.git5f08d1.3 CVE-ID: CVE-2023-0687 BDU-ID: 2023-00731 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the monstartup function of the monstartup file gmon.c of the GNU C System Call...

CVE-2024-0687

The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...

CVE-2013-0687

The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse...

CVE-2025-0687 Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS

The Spiritual Gifts Survey and optional S.H.A.P.E survey WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

CVE-2025-0687

The CVE-2025-0687 entry covers a reflected Cross-Site Scripting flaw in the WordPress plugin Spiritual Gifts Survey (and S.H.A.P.E. survey) for versions up to 0.9.10. The issue arises because a parameter is not sanitized/escaped before being echoed in the page, allowing a reflected XSS attack tha...

Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to denial of service, buffer overflow and allow a local authenticated attacker to gain elevated privileges

Summary glibc, gnutls, gnupg are used by Execution Engine for Apache Hadoop in all the components. CVE-2023-0687, CVE-2023-4911, CVE-2021-3998, CVE-2023-5156, CVE-2023-4527, CVE-2023-4813, CVE-2022-3515, CVE-2024-28835, CVE-2024-28834 Vulnerability Details CVEID:CVE-2023-0687 DESCRIPTION: GNU C...

CVE-2023-0687 affecting package glibc 2.35-10

CVE-2023-0687 affecting package glibc 2.35-10. This CVE either no longer is or was never applicable...

CVE-2023-0687 affecting package glibc 2.28-24

CVE-2023-0687 affecting package glibc 2.28-24. This CVE either no longer is or was never applicable...

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2024-2466)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-2466)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important Photon OS Security Update - PHSA-2024-4.0-0687

Updates of 'linux-aws', 'linux' packages of Photon OS have been released...

Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0fe8f37543e8face08941899add38e35.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Nightmare.25 Vulnerability: Unauthenticated Remote Command Execution Family:...

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2024-2028)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-2028)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-0687

CVE-2024-0687 concerns the WordPress plugin Restrict User Access – Ultimate Membership & Content Protection. Public records in connected documents indicate information exposure via API in all versions up to 2.5, allowing unauthenticated attackers to read the contents of posts and pages through AP...