45 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-10017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perfor...
CVE-2026-10017
Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-10017
creationtimestamp | type | source
---|---|---
2026-05-28 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529
2026-05-28 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529...
MiracleLinux 8 : perl-FCGI:0.78 (AXSA:2025-10017:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10017:01 advisory. perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library (CVE-2025-40907). Tenable has extracte...
CVE-2020-10017
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution...
CVE-2011-10017
Snort Report versions prior to 1.3.2 contain a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...
CVE-2011-10017
Snort Report is vulnerable in versions prior to 1.3.2 due to improper sanitization in the nmap.php and nbtscan.php scripts. The vulnerability allows remote command execution via the target GET parameter with no authentication, potentially resulting in full system compromise. Public reports and CV...
CVE-2024-10017
The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
CVE-2024-10017
creationtimestamp | type | source
---|---|---
2024-11-16 03:25:11+00:00 | seen | https://infosec.exchange/users/cve/statuses/113490494107920469
2024-11-16 06:02:41+00:00 | seen | https://t.me/cvedetector/11221...
CVE-2024-10017
CVE-2024-10017 : PJW Mime Config plugin for WordPress is vulnerable to an authenticated Stored XSS via SVG uploads in versions up to 1.0 due to insufficient input sanitization and output escaping. Authenticated attackers with Author-level access (and above) can inject scripts that execute when SV...
CVE-2024-10017 PJW Mime Config <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, ...
WordPress PJW Mime Config Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: PJW Mime Config; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10017; Patch priority: Low; CVSS severity: Low (5.9); PSID: ebc9aade8a5b; Credits: Francesco Carlucci; Required...
CVE-2012-10017
creationtimestamp | type | source
---|---|---
2023-12-26 11:26:45+00:00 | seen | https://t.me/ctinow/159306
2024-01-18 19:26:53+00:00 | seen | https://t.me/ctinow/169891...
CVE-2012-10017
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to addres...
CVE-2012-10017
CVE-2012-10017 describes a cross-site request forgery in the BestWebSoft Portfolio Plugin for WordPress versions up to 2.04. The vulnerability is triggered via remote interaction and affects an unspecified part of the plugin; it does not detail the attack vector beyond CSRF. A fix is available in...
CVE-2013-10017
creationtimestamp | type | source
---|---|---
2023-02-04 02:20:58+00:00 | seen | https://t.me/cibsecurity/57515...
CVE-2013-10017 fanzila WebFinance save_roles.php sql injection
A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to SQL injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is...