85 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-1043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. CVE-2018-1043 Note that Nessus relies on the presence of the...
CVE-2020-1043
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-103...
CVE-2025-1043

creationtimestamp | type | source
---|---|---
2025-02-20 14:49:28+00:00 | seen | https://t.me/cvedetector/18536
2025-02-20 23:26:54+00:00 | seen | Telegram/PTOhxFVJBKf3mwqbfNg8QGoqLYG5vzoJiN6Uq9qlpyr3zMBh...

CVE-2025-1043
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-1043 Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.5 - Authenticated (Contributor+) Blind Server-Side Request Forgery via embeddoc Shortcode
The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-1043
CVE-2025-1043 – The WordPress plugin Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files is affected by a Server-Side Request Forgery (SSRF) in all versions up to 2.7.5 via the embeddoc shortcode. With Contributor-level access or higher, an authenticated attacker can cause the web ap...
CVE-2024-1043

creationtimestamp | type | source
---|---|---
2024-03-01 14:11:54+00:00 | seen | https://t.me/ctinow/197624...

CVE-2024-1043
CVE-2024-1043 affects the WordPress plugin AMP for WP – Accelerated Mobile Pages. A missing capability check in the function amppb_remove_saved_layout_data in all versions up to 1.0.93.1 allows authenticated users with contributor access and above to delete arbitrary posts. Affected versions:
WordPress AMP for WP Plugin <= 1.0.93.1 is vulnerable to Broken Access Control
Software: AMP for WP; Type: Plugin; Vulnerable versions: <= 1.0.93.1; Fixed in: 1.0.93.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1043; Patch priority: Low; CVSS severity: Low 6.5; PSID: 9c0cb8faa4a6; Credits: Sean Murphy; Required privileg...
CVE-2023-1043

creationtimestamp | type | source
---|---|---
2023-02-26 16:25:57+00:00 | seen | https://t.me/cibsecurity/58908...

CVE-2023-1043
CVE-2023-1043 affects MuYuCMS 2.2. The vulnerability is a relative path traversal in an unknown function of the file /editor/index.php caused by manipulation of the dir_path argument, enabling remote exploitation. Multiple trusted sources (NVD, Red Hat, OSV, CVE lists) confirm the issue and its p...
Metasploit Weekly Wrap-Up
Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I...
io_uring Same Type Object Reuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'io_uring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in io_uring leading to an additional put_cred that can be...
CVE-2022-1043

creationtimestamp | type | source
---|---|---
2022-08-29 18:34:16+00:00 | seen | https://t.me/cibsecurity/48970
2023-02-01 16:16:55+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/cve_2022_1043_io_uring_priv_esc.rb
2025-02-06 03:13:45+00:00 | seen | ...

CVE-2022-1043
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges...
CVE-2022-1043
CVE-2022-1043 concerns a flaw in the Linux kernel io_uring implementation that lets a local attacker corrupt memory, crash the system, or escalate privileges. The connected Nessus advisories (Unity Linux UTSA-2026-004760/003973) reproduce via kernel io_uring flaw; no specific patched version is l...
SUSE SLES12 Security Update : zlib (SUSE-SU-2022:1043-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1043-1 advisory. - zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVE-2018-25032 No...
CVE-2021-1043

creationtimestamp | type | source
---|---|---
2021-12-15 22:47:02+00:00 | seen | https://t.me/cibsecurity/34102...

CVE-2021-1043
CVE-2021-1043 affects Google Pixel devices (Pixel/Titan-M) as documented in the Pixel Update Bulletin. The issue is described as a downgrade attack due to under-utilized anti-rollback protections, enabling local information disclosure without additional execution privileges. Affected component: T...