75 matches found
Important Photon OS Security Update - PHSA-2026-4.0-0952
Updates of 'openssl' packages of Photon OS have been released...
CVE-2021-0952
In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:...
CVE-2022-0952
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...
Linux Distros Unpatched Vulnerability : CVE-2013-0952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)...
CVE-2023-0952
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization...
CVE-2019-0952
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'...
CVE-2025-0952
The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This mak...
CVE-2025-0952
creationtimestamp | type | source
---|---|---
2025-03-14 05:46:52+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7533
2025-03-14 06:41:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkcyxjwog32s
2025-03-14 07:48:37+00:00 | seen | ...
CVE-2025-0952
CVE-2025-0952 affects the Eco Nature - Environment & Ecology WordPress Theme. A missing capability check on the cmsmasters_hide_admin_notice AJAX action in all versions up to 2.0.4 allows authenticated users with Subscriber+ access to modify options (e.g., setting hide) and potentially cause a de...
CVE-2025-0952 Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This mak...
CVE-2024-0952
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of...
WordPress WP ERP Plugin <= 1.12.9 is vulnerable to SQL Injection
Software: WP ERP
Type: Plugin
Vulnerable versions: <= 1.12.9
Fixed in: 1.30.0
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2024-0952
Patch priority: Low
CVSS severity: Low 7.6
PSID: 116fb228aac5
Credits: Edwin Siebel (edwinsiebel)
Required privilege: Administrator...
AlmaLinux 9 : firefox (ALSA-2024:0952)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0952 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...
Rocky Linux 9 : python-setuptools (RLSA-2023:0952)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0952 advisory. - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom...
CVE-2023-0952
creationtimestamp | type | source
---|---|---
2023-03-01 12:39:24+00:00 | seen | https://t.me/cibsecurity/59199...
CVE-2023-0952
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization...
Oracle Linux 9 : python-setuptools (ELSA-2023-0952)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-0952 advisory. 53.0.0-10.1 - Security fix for CVE-2022-40897. Resolves: rhbz2158559. Tenable has extracted the preceding description block directly from the Oracle Linux securit...
AlmaLinux 9 : python-setuptools (ALSA-2023:0952)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0952 advisory. - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageInde...
CVE-2023-0952
CVE-2023-0952 affects Devolutions Server 2022.3.12 and earlier, due to improper access controls on entries that could allow an authenticated user to access sensitive data without proper authorization. The CVE has a NVD score of 6.5 (Medium) with network attack vector, low attack complexity, and p...
CVE-2023-0952
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization...