
157 matches found

Photon
added 2026/06/06 12:0 a.m. | 7 views

Important Photon OS Security Update - PHSA-2026-5.0-0866

Updates of 'dnsmasq' packages of Photon OS have been released...

8.4 CVSS | 5.4 AI score | 0.03143 EPSS
Exploits 1

ATTACKERKB
added 2026/03/18 8:30 p.m. | 4 views

CVE-2026-0866

After the publication of the PoC by the researcher and further analysis, we have determined that this issue does not constitute a valid vulnerability. The technique described is an obfuscation method and does not bypass or impact any implicit or explicit security controls...

6.2 AI score
Exploits 0 | References 1

Circl
added 2026/03/11 9:36 a.m. | 6 views

CVE-2026-0866

creationtimestamp | type | source
---|---|---
2026-03-11 09:36:01+00:00 | seen | https://infosec.exchange/users/decio/statuses/116209861321874609
2026-03-11 10:09:25+00:00 | seen | https://t.me/ctinow/246968
2026-03-11 19:22:12+00:00 | seen | ...

5.4 AI score
Exploits 0 | References 12

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : postgresql-8.1.23-4.0.1.AXS3 (AXSA:2012-570:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-570:01 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselect...

6.8 CVSS | 7.5 AI score | 0.03625 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 4 : postgresql-8.4.12-1.0.1.AXS4 (AXSA:2012-661:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-661:02 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselect...

6.8 CVSS | 8.2 AI score | 0.03625 EPSS
Exploits 1 | References 4

EUVD
added 2026/01/05 10:39 a.m. | 2 views

EUVD-2026-0866

Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data. This issue affects Custom Related Posts: from n/a through 1.8.0...

7.5 CVSS | 6.4 AI score | 0.0025 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 4:2 p.m. | 7 views

CVE-2020-0866

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0777, CVE-2020-0797, CVE-2020-0800, CVE-2020-0864, CVE-2020-0865,...

7.8 CVSS | 6.6 AI score | 0.00996 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 4:46 a.m. | 6 views

CVE-2019-0866

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868,...

6.1 CVSS | 5.6 AI score | 0.02626 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2012-0866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission...

6.5 CVSS | 7.5 AI score | 0.03625 EPSS
Exploits 1 | References 2

Circl
added 2025/02/20 1:8 p.m. | 4 views

CVE-2025-0866

creationtimestamp | type | source
---|---|---
2025-02-20 13:08:59+00:00 | seen | https://t.me/cvedetector/18526...

6.5 CVSS | 8.7 AI score | 0.00385 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/02/20 9:21 a.m. | 12 views

CVE-2025-0866 Legoeso PDF Manager <= 1.2.2 - Authenticated (Author+) SQL Injection via checkedVals Parameter

The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘checkedVals’ parameter in all versions up to, and including, 1.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

6.5 CVSS | 6.6 AI score | 0.00385 EPSS
Exploits 0 | References 4

Cvelist
added 2025/02/20 9:21 a.m. | 16 views

CVE-2025-0866 Legoeso PDF Manager <= 1.2.2 - Authenticated (Author+) SQL Injection via checkedVals Parameter

The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘checkedVals’ parameter in all versions up to, and including, 1.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

6.5 CVSS | 0.00385 EPSS
Exploits 0 | References 4

Packet Storm
added 2024/08/31 12:0 a.m. | 246 views

Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB 10gR2, 11gR1/R2 DBMSJVMEXPPERMS OS Command Execution', 'Description' = %q This module exploits a flaw 0 day in DBMSJVMEXPPERMS package...

6.5 CVSS | 6.6 AI score | 0.1125 EPSS
Exploits 4

NVD
added 2024/03/26 3:15 a.m. | 12 views

CVE-2024-0866

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The acti...

8.1 CVSS | 8.2 AI score | 0.00732 EPSS
Exploits 0 | References 2

Cvelist
added 2024/03/26 3:8 a.m. | 26 views

CVE-2024-0866 Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The acti...

8.1 CVSS | 8.4 AI score | 0.00732 EPSS
Exploits 0 | References 2

Patchstack
added 2024/03/26 12:0 a.m. | 9 views

WordPress Check & Log Email Plugin <= 1.0.9 is vulnerable to Broken Access Control

Software: Check & Log Email; Type: Plugin; Vulnerable versions: <= 1.0.9; Fixed in: 1.0.10; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0866; Patch priority: Low; CVSS severity: Low 8.1; Developer: Claim ownership; PSID: 0ac766d27e85; Credits: Sean Murphy; Required...

8.1 CVSS | 6.6 AI score | 0.00732 EPSS
Exploits 0 | References 3 | Affected Software 1

hivepro
added 2023/12/13 11:22 a.m. | 7 views

The Unseen Thread Linking Sandman APT and KEYPLUG Backdoor

Summary: The Sandman Advanced Persistent Threat (APT) is closely linked to suspected threat clusters originating from China, specifically identified as Storm-0866, also known as Red Dev 40. Within the same victim environments, the Sandman's Lua-based malware, LuaDream, and the KEYPLUG backdoor have...

7.3 AI score
Exploits 0

UbuntuCve
added 2023/02/16 8:15 p.m. | 23 views

CVE-2023-0866

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV...

7.8 CVSS | 7.1 AI score | 0.00453 EPSS
Exploits 1 | References 3

OSV
added 2023/02/16 8:15 p.m. | 0 views

UBUNTU-CVE-2023-0866

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV...

7.8 CVSS | 7.1 AI score | 0.00453 EPSS
Exploits 1 | References 4

CVE
added 2023/02/16 12:0 a.m. | 60 views

CVE-2023-0866

CVE-2023-0866 concerns the GPAC multimedia framework (gpac/gpac) prior to 2.3.0-DEV, with a heap-based buffer overflow vulnerability. The connected sources confirm the issue affects GPAC and describe the underlying flaw as a heap-based overflow. Debian advisories (DSA-5411-1) and related OSS/OSV ...

7.8 CVSS | 7.7 AI score | 0.00453 EPSS
Exploits 1 | References 3 | Affected Software 1