CVE-2025-10787

A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has bee...

CVE-2025-10787

creationtimestamp| type| source ---|---|--- 2025-09-22 07:32:01+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lzfvcek63r2q 2025-09-22 11:31:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lzgcow6hij2g...

Malicious code in availab-le-alb-um-zip-10787-electro-shock-blues-5ex8q-tklmne (npm)

The package availab-le-alb-um-zip-10787-electro-shock-blues-5ex8q-tklmne was found to contain malicious code...

MAL-2025-15154 Malicious code in availab-le-alb-um-zip-10787-electro-shock-blues-5ex8q-tklmne (npm)

The package availab-le-alb-um-zip-10787-electro-shock-blues-5ex8q-tklmne was found to contain malicious code...

CVE-2020-10787

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password aka the user password change script...

CVE-2019-10787

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization...

RockyLinux 9 : postgresql:15 (RLSA-2024:10787)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10787 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

Oracle Linux 9 : postgresql:15 (ELSA-2024-10787)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10787 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.10-1 - Update to 15.10 - Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979 Tenable has extracted...

CVE-2024-10787

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

CVE-2024-10787 LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

CVE-2024-10787 LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...

CVE-2024-10787

CVE-2024-10787 is a information-exposure vulnerability in the LA-Studio Element Kit for Elementor WordPress plugin, affecting all versions up to 1.4.4. The issue arises from insufficient restrictions on the posts that can be included via the elementor-template shortcode, allowing authenticated at...

chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)

im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: OSV:GHSA-R9VM-RHMF-7HXX...

Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities

Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-10795 DESCRIPTION: Node.js undefsafe module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a...

CVE-2020-10787

CVE-2020-10787 concerns an elevation of privilege in Vesta Control Panel (VestaCP) up to version 0.9.8-26. Multiple sources confirm that an attacker can gain root system access from the admin account via the v-change-user-password script. Affected product: Vesta Control Panel; vulnerable componen...

CVE-2019-10787

CVE-2019-10787 affects the im-resize Node.js module (v2.3.2 and earlier) and is caused by improper validation of the exec/cmd parameters in index.js, enabling remote code execution via crafted input. CVSS v3.1 base score 9.8 (CRITICAL) with network attack, no user interaction. Remediation: upgrad...

chhyun-utils (>=1.0.12 <=1.0.39), jotunheimr (>=1.11.0 <=1.12.1) +4 more potentially affected by CVE-2019-10787 via im-resize (>=2.0.2 <=2.3.2)

im-resize NPM version =2.0.2, =1.0.12, =1.11.0, =1.0.0, =0.0.1, =2.0.2, =2.0.3 - wn-s3-uploader =1.0.0 Source cves: CVE-2019-10787 Source advisory: SNYK:JS-IMRESIZE-544183...

CVE-2016-10787

The CVE-2016-10787 entry affects cPanel’s Host Access Control feature prior to version 60.0.25, where actionless host.deny entries are mishandled (SEC-187). The vulnerability’s technical basis is the misprocessing of host.deny entries, with an external exploit path not described in the provided d...