120 matches found
CVE-2026-1054
creationtimestamp | type | source
---|---|---
2026-01-28 09:20:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdhx2zxaa72n...
MiracleLinux 4 : 389-ds-base-1.2.11.15-94.AXS4 (AXSA:2018-2619:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2619:01 advisory. 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF8 in collate.c (CVE-2018-1054). 389-ds-base: Authentication bypa...
MiracleLinux 3 : drupal-6.27-1.AXS3 (AXSA:2012-1054:02)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-1054:02 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content...
Linux Distros Unpatched Vulnerability : CVE-2018-1054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote,...
CVE-2024-1054
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes ...
CVE-2022-1054
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and emai...
CVE-2020-1054
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143...
WordPress UiCore Elements plugin <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin UiCore Elements versions <= 1.0.16...
CVE-2025-1054
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to...
CVE-2025-1054 UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to...
CVE-2025-1054
CVE-2025-1054 affects UiCore Elements – Free Elementor widgets and templates (WordPress). The vulnerability is Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to 1.0.16. Root cause: ins...
SUSE: Security Advisory (SUSE-SU-2025:1054-1)
The remote host is missing an update for the...
CVE-2024-1054
creationtimestamp | type | source
---|---|---
2024-03-04 06:42:05+00:00 | seen | https://t.me/ctinow/199020
2025-02-06 02:44:19+00:00 | seen | Telegram/x1X6-OsI51GwsoabuNJvUM0mruycu5pkpyjsoPdXy4EPRZxl...
CVE-2024-1054
CVE-2024-1054 (Booster for WooCommerce, WordPress) is a Stored Cross-Site Scripting vulnerability in the Booster for WooCommerce plugin’s wcj_product_barcode shortcode. Exploitation requires authentication at contributor level or higher, and affects all versions up to 7.1.6. The issue stems from ...
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits
The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...
Design/Logic Flaw
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml (https://nvd.nist.gov/vuln/detail/CVE-2022-1471). Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml (https://nvd.nist.gov/vuln/detail/CVE-2022-1471). Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVE-2023-46302
CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...
Oracle Linux 7 : mailman (ELSA-2020-1054)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1054 advisory. - Resolves: 1599692 - Sanitize input on listinfo page CVE-2018-0618 Tenable has extracted the preceding description block directly from the Oracle Linu...