29 matches found
Security Advisory 0140
Security Advisory 0140 PDF Date: June 3, 2026

Revision | Date | Changes
---|---|---
1.0 | June 3, 2026 | Initial release

The CVE-ID tracking this issue: CVE-2026-10040
CVSSv3.1 Base Score: 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVSSv4.0 Base Score: 6.8...
CVE-2025-10040
creationtimestamp| type| source
---|---|---
2025-09-10 09:01:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lyhuorocop2r...
CVE-2013-10040
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /adminarea/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file...
CVE-2013-10040 ClipBucket <= 2.6 ofc_upload_image.php Arbitrary File Upload RCE
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /adminarea/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file...
CVE-2015-10040
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The patch is...
Linux Distros Unpatched Vulnerability : CVE-2016-10040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple...
CVE-2024-10040
creationtimestamp| type| source
---|---|---
2024-10-18 07:42:57+00:00| seen| https://t.me/cvedetector/8288...
CVE-2024-10040 Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the processajaxedit and processajaxdelete function. This makes it possible for unauthenticated attackers to mak...
WordPress Infinite-Scroll Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Infinite-Scroll; Type: Plugin; Vulnerable versions: <= 2.6.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-10040; Patch priority: Low; CVSS severity: Low (5.4); PSID: 0d87943023a0; Credits: Francesco Carlucci...
RHEL 5 : qt (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qt: stack overflow in QXmlSimpleReader (CVE-2016-10040) - qt: buffer over-read in readxbmbody in...
RHEL 6 : qt (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qt: QPluginLoader loads plugins relative to CWD which could result in arbitrary code execution...
CVE-2015-10040
The CVE-2015-10040 entry concerns gitlearn. The vulnerability affects the Escape Sequence Handler’s getGrade/getOutOf function in scripts/config.sh, where manipulation can lead to injection. The issue is exploitable remotely, with patch 3faa5deaa509012069afe75cd03c21bda5050a64 cited as the fix. M...
SUSE: Security Advisory (SUSE-SU-2018:1902-1)
The remote host is missing an update for the...
CVE-2020-10040
The CVE-2020-10040 entry affects Siemens SICAM MMU (all versions < 2.05), SICAM SGU (all versions), and SICAM T (all versions
CVE-2019-10040
The CVE-2019-10040 issue affects the D-Link DIR-816 A2 (firmware 1.11). The vulnerability arises because the router only checks a random token when authorizing a goform request; an attacker can obtain this token from dir_login.asp and use the hidden API URL /goform/SystemCommand to execute a syst...
Fedora 28 : qt3 (2018-17843a895b)
This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing...
SUSE SLED12 / SLES12 Security Update : libqt4 (SUSE-SU-2018:1902-1)
This update for libqt4 fixes the following issues: LibQt4 was updated to 4.8.7 (bsc#1039291, CVE-2016-10040): See http://download.qt.io/officialreleases/qt/4.8/4.8.7/changes-4.8.7 for more details. Also libQtWebkit4 was updated to 2.3.4 to match libqt4. Also the following bugs were fixed: - Enable...
Updated qt3 packages fix security vulnerability
Updated qt3 packages fix security vulnerability: A stack overflow flaw was found in the way Qt parsed XML input with several nested opening tags. An application using Qt's QXmlSimpleReader to parse specially crafted XML input could crash (CVE-2016-10040)...
MGASA-2018-0284 Updated qt3 packages fix security vulnerability
Updated qt3 packages fix security vulnerability: A stack overflow flaw was found in the way Qt parsed XML input with several nested opening tags. An application using Qt's QXmlSimpleReader to parse specially crafted XML input could crash (CVE-2016-10040)...
Fedora 27 : qt3 (2018-0a0da2f3b7)
This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing...