123 matches found
CVE-2026-1128
The CVE concerns the WP eCommerce WordPress plugin up to version 3.15.1, which lacks a CSRF check when deleting coupons. This allows a logged-in admin to be manipulated via CSRF to remove coupons. No exploitation details are provided beyond the described risk. Affected component: the coupon delet...
EUVD-2020-18322
Malware in sbrugna...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1128)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1128 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...
Linux Distros Unpatched Vulnerability : CVE-2018-1128
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph...
CVE-2025-1128
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...
CVE-2025-1128 Everest Forms <= 3.0.9.4 - Unauthenticated Arbitrary File Upload, Read, and Deletion
The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVFFormFieldsUpload class in all versions up...
CVE-2025-1128
The CVE-2025-1128 entry concerns the Everest Forms plugin for WordPress. The vulnerability lies in the EVF_Form_Fields_Upload class, where missing file type and path validation in the format method affects all versions up to and including 3.0.9.4. This allows unauthenticated attackers to upload, ...
CVE-2025-1128
creationtimestamp | type | source
---|---|---
2025-02-25 04:08:48+00:00 | seen | https://bsky.app/profile/dinosn.bsky.social/post/3lixyigdwhk22
2025-02-25 05:22:27+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3liy4malhvv2y
2025-02-25 05:53:23+00:00 | seen | ...
CVE-2024-1128
creationtimestamp | type | source
---|---|---
2024-03-08 19:56:58+00:00 | seen | https://t.me/ctinow/203549...
WordPress Tutor LMS Plugin <= 2.6.0 is vulnerable to Content Injection
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-1128; Patch priority: Low; CVSS severity: Low 5.4; PSID: 4f8a158bf40f; Credits: drop; Required privilege: Student; Published: 21 Februar...
CVE-2024-1128
CVE-2024-1128 affects the WordPress Tutor LMS plugin (versions up to and including 2.6.0). The vulnerability is HTML Injection in the Q&A functionality caused by insufficient sanitization of HTML input, allowing authenticated users with Student-level access and above to inject arbitrary HTML onto...
CVE-2021-45036
creationtimestamp | type | source
---|---|---
2022-11-28 18:28:04+00:00 | seen | https://t.me/cibsecurity/53584...
CVE-2022-1128
creationtimestamp | type | source
---|---|---
2022-07-23 07:24:17+00:00 | seen | https://t.me/cibsecurity/46859...
CVE-2022-1128
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page...
CVE-2022-1128
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page...
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1735)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an attacker...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:0112-1 Rating: important References: 1194511 1194512 1194513 1194514 1197680 1198053 1198361 Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-1125 CVE-2022-1127 CVE-2022-1128...
SUSE SLES12 Security Update : libsolv, libzypp (SUSE-SU-2022:1128-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1128-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C...
Mageia: Security Advisory (MGASA-2022-0130)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5112-1] chromium security update
Debian Security Advisory DSA-5112-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 03, 2022 https://www.debian.org/security/faq -...