CVE-2025-0898

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

CVE-2025-0898

The CVE-2025-0898 affects the WordPress plugin Xpro Elementor Addons - Pro (versions up to 1.4.7). The vulnerability, exposed via the Draw SVG widget, allows an authenticated attacker with Contributor-level access (or higher) to perform Arbitrary File Reading on the server, exposing sensitive fil...

CVE-2021-0898

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071...

EUVD-2026-0898

A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...

Critical Photon OS Security Update - PHSA-2025-4.0-0898

Updates of 'ImageMagick' packages of Photon OS have been released...

EUVD-2020-2278

Malware in sbrugna...

CVE-2018-0898

creationtimestamp| type| source ---|---|--- 2025-05-23 05:00:00+00:00| seen| https://projectzero.google/2025/05/the-windows-registry-adventure-7-attack-surface.html 2025-05-23 07:05:54+00:00| seen| https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html...

CVE-2019-0898

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0893, CVE-2019-0894, CVE-2019-089...

CVE-2024-0898

CVE-2024-0898 concerns the WordPress plugin “Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back”. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping in admin settings, affecting...

WordPress Chat Bubble Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software Chat Bubble Type Plugin Vulnerable versions = 2.3 Fixed in 2.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0898 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 32320d8c2073 Credits Dipak Panchal th3.d1p4k Required...

CVE-2023-0898

Vulnerability (CVE-2023-0898) affects General Electric MiCOM S1 Agile. The issue is an Uncontrolled Search Path Element (CWE-427) that enables code execution when an attacker places malicious DLL files in the application directory. Affected products are MiCOM S1 Agile (all versions per ICS adviso...

BELL-CVE-2017-0898 CVE-2017-0898 does not affect BellSoft software

Bulletin has no description...

SUSE CVE-2006-0898

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

CVE-2022-0898

CVE-2022-0898 affects the IgniteUp WordPress plugin up to version 3.4.1. The vulnerability arises from insufficient sanitization/escaping of certain fields when high-privilege users lack the unfiltered_html capability, enabling a Stored Cross-Site Scripting (XSS) scenario on admin-facing template...

Mageia: Security Advisory (MGASA-2017-0371)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-0898

In APUsys (MediaTek Apusys), CVE-2021-0898 describes a memory corruption via a use-after-free in the apusys component that can enable local escalation of privilege with System execution privileges required and no user interaction. Affected: apusys; root cause: use-after-free leading to memory cor...

SUSE: Security Advisory (SUSE-SU-2014:0898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:0898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:1570-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3685-2: Ruby regression

USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discover...