123 matches found
WordPress ARPrice <3.6.1 - SQL Injection
WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...
CVE-2026-0867
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied...
RHSA-2026:0867
creationtimestamp| type| source
---|---|---
2026-01-20 15:52:30+00:00| seen| https://gist.github.com/Darkcrai86/5687a6a36591aba43b61ab356312a627...
MiracleLinux 4 : postgresql-8.4.12-1.0.1.AXS4 (AXSA:2012-661:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-661:02 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselect...
MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.AXS4 (AXSA:2011-485:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-485:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2011-0862 Multiple unspecified vulnerabilities in the Java Runtime...
EUVD-2026-0867
Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data. This issue affects AweBooking: from n/a through 3.2.26...
Photon OS 4.0: Rubygem PHSA-2025-4.0-0867
An update of the rubygem package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0867. The text itself is copyright (C) VMware, Inc...
CVE-2020-0867
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0868...
CVE-2019-0867
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868,...
Linux Distros Unpatched Vulnerability : CVE-2012-0867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, whic...
CVE-2025-0867
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This...
CVE-2025-0867
creationtimestamp| type| source
---|---|---
2025-02-14 12:49:42+00:00| seen| https://infosec.exchange/users/cve/statuses/114002321891252776
2025-02-14 12:53:40+00:00| seen| https://infosec.exchange/users/cve/statuses/114002337449684066
2025-02-14 13:16:08+00:00| seen|...
CVE-2025-0867
CVE-2025-0867 affects SICK MEAC300 (and variants such as MEAC300-FNADE4). Root cause: a standard user can start MEAC applications via the Run As function while administrator credentials are stored, enabling EPC2 to execute commands with administrative privileges and perform privilege escalation. ...
CVE-2025-0867 Privilege Escalation in MEAC300
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This...
CVE-2022-0867
creationtimestamp| type| source
---|---|---
2024-11-24 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-24
2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-05-16 00:00:00+00:00| exploited| The Shadowserver...
CVE-2024-0867 Email Log <= 2.4.8 - Unauthenticated Hook Injection
The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...
CVE-2024-0867
CVE-2024-0867 – Email Log (WordPress) vulnerability: Unauthenticated Hook Injection in all versions up to 2.4.8 via check_nonce. An attacker can execute actions with hooks without authentication under conditions where a nonce check is present and a nonce is known, and where there is no capabilit...
WordPress Email Log Plugin <= 2.4.8 is vulnerable to Other Vulnerability Type
Software: Email Log
Type: Plugin
Vulnerable versions: <= 2.4.8
Fixed in: 2.4.9
OWASP Top 10: A3: Injection
Classification: Other Vulnerability Type
CVE: CVE-2024-0867
Patch priority: High
CVSS severity: High (8.1)
PSID: 7750b3ba7ece
Credits: Sean Murphy
Required privilege...
CVE-2023-0867
creationtimestamp| type| source
---|---|---
2023-02-23 18:18:31+00:00| seen| https://t.me/cibsecurity/58788...