CVE-2026-1084

creationtimestamp| type| source ---|---|--- 2026-01-24 10:40:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md5znczj2r2m...

CVE-2026-1084 Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields

The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

EUVD-2026-1084

Not used...

EUVD-2012-1084

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-1084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15....

CVE-2019-1084

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain...

CVE-2013-1084

Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management ZCM 11.2.3 allows remote attackers to read arbitrary files via a .. dot dot in the Filename parameter in a GetFile action to zenworks-unmaninv/...

CVE-2022-1084

creationtimestamp| type| source ---|---|--- 2025-04-15 14:55:29+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11842...

Linux Distros Unpatched Vulnerability : CVE-2007-1084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking...

RHSA-2025:1084

creationtimestamp| type| source ---|---|--- 2025-02-26 07:24:00+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5477...

CVE-2025-1084

creationtimestamp| type| source ---|---|--- 2025-02-06 23:35:21+00:00| seen| https://infosec.exchange/users/cve/statuses/113959561999278807 2025-02-07 00:20:53+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhkdehcres2u 2025-02-07 02:06:34+00:00| seen|...

CVE-2025-1084 Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public...

CVE-2025-1084 Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public...

CVE-2025-1084

The CVE-2025-1084 entry concerns Mindskip xzs-mysql 学之思开源考试系统 3.9.0 with a cross-site request forgery (CSRF) vulnerability. Affected component/functionality is not specified beyond “some unknown functionality,” but the issue is exploitable remotely and affects multiple endpoints. The exploit has ...

Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign

The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control C2 infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. "While occasionally switching to a new remote administration tool or...

CVE-2024-1084

creationtimestamp| type| source ---|---|--- 2024-02-13 20:22:09+00:00| seen| https://t.me/ctinow/184135 2024-03-06 07:07:23+00:00| seen| https://t.me/ctinow/201054...

CVE-2024-1084

Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all...

CVE-2024-1084

GitHub Enterprise Server remote UI vulnerability CVE-2024-1084 is a Cross-site Scripting issue in the tag name pattern field of the tag protections UI. The flaw allows a malicious website, leveraging user interaction and social engineering, to change a user account via CSP bypass with created CSR...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1084)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon

The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control C2 framework called PhonyC2 that's been put to use by the actor since 2021. Evidence shows that the custom made, actively developed framework has been leveraged in the February 2023...