94 matches found
CVE-2026-0855
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...
CVE-2026-0855
creationtimestamp| type| source ---|---|--- 2026-01-12 06:07:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10626-afbe2-2.html 2026-01-12 07:24:26+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mc7j3vdmld2u 2026-01-12 07:37:10+00:00| seen|...
CVE-2024-0855
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...
CVE-2023-0855
Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF740C...
WordPress PGS Core plugin <= 5.8.0 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...
CVE-2025-0855
creationtimestamp| type| source ---|---|--- 2025-05-06 23:22:18+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15237 2025-05-07 00:03:21+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lok3r3qtkse2 2025-05-07 02:21:07+00:00| seen|...
CVE-2025-0855
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...
CVE-2025-0855
CVE-2025-0855 affects the WordPress PGS Core plugin up to and including v5.8.0, enabling unauthenticated PHP Object Injection via deserialization in import_header. Impact ranges from arbitrary file deletion and data exposure to potential code execution if a POP chain exists with another plugin/th...
CVE-2025-0855 PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:0855)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0855 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
CVE-2024-0855
creationtimestamp| type| source ---|---|--- 2024-02-27 10:26:18+00:00| seen| https://t.me/ctinow/194189...
CVE-2024-0855 Spiffy Calendar < 4.9.9 - Broken Access Control
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...
CVE-2024-0855
Summary: CVE-2024-0855 affects the Spiffy Calendar WordPress plugin (versions prior to 4.9.9). The root cause is that the plugin does not validate the event_author field when creating events, allowing any user to modify it and impersonate another author. Impact: creates deception about who create...
WordPress Spiffy Calendar Plugin < 4.9.9 is vulnerable to Broken Access Control
Software Spiffy Calendar Type Plugin Vulnerable versions 4.9.9 Fixed in 4.9.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0855 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 34d04762f8cf Credits cyc707 Required privilege...
CentOS 8 : pcs (CESA-2023:0855)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:0855 advisory. - Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An...
CVE-2023-0855
creationtimestamp| type| source ---|---|--- 2023-05-11 16:15:21+00:00| seen| https://t.me/cibsecurity/63877...
CVE-2023-0855
CVE-2023-0855 is a buffer overflow in Canon printer IPP number-up attribute handling that enables network-adjacent attackers to trigger a denial of service or execute arbitrary code via the IPP service. Affected families include Canon imageCLASS, LBP, MF, and i-SENSYS printers with firmware versi...
CVE-2023-0855
Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF740C...
IBM Websphere Application Server 7.0 Cross Site Scripting
Exploit Title: IBM Websphere Application Server 7.0 - Persistent Cross-Site Scripting Authenticated Date: 2022-12-02 Author: Milad karimi Software Link: https://www.ibm.com/support/pages/6107-websphere-application-server-v61-fix-pack-7-windows Version: 7.0 Tested on: Windows 10 CVE: 2009-0855 1...
Security Updates for Microsoft Office Products C2R (March 2020)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabili...