75 matches found
CVE-2026-0940
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 02:38:07+00:00 | seen | https://bsky.app/profile/secqube.com/post/3mhwl55qtlp2l... |
CVE-2026-0940
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...
CVE-2022-0940
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2019-0940
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-31 03:01:32+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d... |
CVE-2023-0940
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...
CVE-2020-0940
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1001, CVE-2020-1006, CVE-2020-1017...
CVE-2013-0940
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...
CVE-2008-0940
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407...
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials...
CVE-2023-0940
| creationtimestamp | type | source |
|---|---|---|
| 2023-03-20 21:04:19+00:00 | seen | https://t.me/cibsecurity/60332 |
| 2025-02-26 19:24:11+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5582... |
CVE-2023-0940
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...
CVE-2023-0940
CVE-2023-0940 affects the ProfileGrid WordPress plugin prior to 5.3.1. The vulnerability is an unauthorized password-reset via an AJAX endpoint, enabling a low-privilege user (e.g., subscriber) to change passwords for any account, including Administrator accounts. Root cause: missing authorizatio...
CVE-2023-0940 ProfileGrid < 5.3.1 - Subscriber+ Arbitrary Password Reset
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...
WordPress ProfileGrid Plugin < 5.3.1 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: 5.3.1; Fixed in: 5.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0940; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 0809f414e629; Credits: dc11; Required privilege: Subscriber...
K4207: Buffer overflow in mod_include - CAN-2004-0940
Security Advisory Description. Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
SUSE: Security Advisory (SUSE-SU-2022:0940-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2022-0940
| creationtimestamp | type | source |
|---|---|---|
| 2022-03-14 13:18:00+00:00 | seen | https://t.me/cibsecurity/38847... |
CVE-2022-0940
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2022-0940 Stored XSS due to Unrestricted File Upload in star7th/showdoc
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2022-0940
The CVE-2022-0940 entry concerns the open‑source tool ShowDoc. Affected software: ShowDoc versions prior to 2.10.4. Vulnerability: stored cross‑site scripting caused by an unrestricted file upload feature, allowing attacker‑supplied content to be stored and served in a way that can execute in a u...