ECHO-BA5F-0767-1DA1

Bulletin has no description...

Low Photon OS Security Update - PHSA-2026-5.0-0767

Updates of 'glib' packages of Photon OS have been released...

CVE-2026-0767

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2026-0767

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2026-0767 Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

MiracleLinux 9 : nss-3.79.0-17.el9 (AXSA:2023-5231:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5231:02 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the...

MiracleLinux 8 : thunderbird-102.8.0-2.el8.ML.1 (AXSA:2023-5135:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5135:10 advisory. Mozilla: Arbitrary memory write via PKCS 12 in NSS CVE-2023-0767 Mozilla: Content security policy leak in violation reports using iframes...

CVE-2022-0767

Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.17...

CVE-2026-0767

creationtimestamp| type| source ---|---|--- 2026-01-09 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-26-033/...

TencentOS Server 2: thunderbird (TSSA-2023:0029)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0029 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

TencentOS Server 2: nss (TSSA-2023:0035)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0035 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: nss (TSSA-2023:0025)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0025 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2020-0767

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713...

CVE-2025-0767

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

CVE-2025-0767

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

CVE-2025-0767

creationtimestamp| type| source ---|---|--- 2025-02-27 18:26:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5735 2025-02-27 20:56:14+00:00| seen| https://t.me/cvedetector/19068 2025-08-22 13:26:18+00:00| seen| MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80...

CVE-2025-0767 WP Activity Log 5.3.2 - Insecure deserialization

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

CVE-2025-0767 WP Activity Log 5.3.2 - Insecure deserialization

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...

CVE-2025-0767

CVE-2025-0767 pertains to WP Activity Log 5.3.2, where unvalidated user input is directly fed into PHP’s unserialize function inside myapp/classes/Writers/class-csv-writer.php. This is an insecure deserialization risk with high impact (per the cited metrics: CVSS 3.1 base score 9.8, high confiden...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.423)

The version of AHV installed on the remote host is prior to 20220304.423. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.423 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via...