23 matches found
CVE-2026-11461
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-08 00:48:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnqhjhmtmh22... |
CVE-2026-11461
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...
CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...
CVE-2025-11461
| creationtimestamp | type | source |
|---|---|---|
| 2025-11-26 20:42:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m6kpsketcf2w... |
CVE-2025-11461
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2025-11461 Frappe CRM 1.53.1 — Multiple SQL Injections in Dashboard Controller
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1...
CVE-2024-11461 Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting
The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-11461
CVE-2024-11461 affects the WordPress Form Data Collector plugin, up to version 2.2.3. It is a Reflected Cross-Site Scripting vulnerability triggered via the 'page' parameter due to insufficient input sanitization and output escaping. Exploitation requires a user to click a crafted link, ena...
Huawei EulerOS: Security Advisory for nautilus (EulerOS-SA-2022-1356)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : nautilus (EulerOS-SA-2022-1356)
According to the versions of the nautilus packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap...
openSUSE Security Update : nghttp2 (openSUSE-2019-2234) (Data Dribble) (Resource Loop)
This update for nghttp2 fixes the following issues:
Security issues fixed:
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184.
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...
openSUSE Security Update : flatpak (openSUSE-2019-2038)
This update for flatpak fixes the following issues:
Security issues fixed:
- CVE-2019-8308: Fixed a potential sandbox escape via /proc bsc1125431.
- CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl...
openSUSE: Security Advisory for flatpak (openSUSE-SU-2019:2038-1)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 Security Update : flatpak (SUSE-SU-2019:2185-1)
This update for flatpak fixes the following issues:
Security issues fixed:
- CVE-2019-8308: Fixed a potential sandbox escape via /proc bsc1125431.
- CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl bsc1133043...
SUSE-SU-2019:2185-1 Security update for flatpak
This update for flatpak fixes the following issues:
Security issues fixed:
- CVE-2019-8308: Fixed a potential sandbox escape via /proc bsc1125431.
- CVE-2019-11460: Fixed a compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl bsc1133043...
CVE-2019-11461
CVE-2019-11461 affects GNOME Nautilus: a compromised thumbnailer can escape the bubblewrap sandbox by abusing TIOCSTI on 64-bit systems, due to improper filtering. Affected: Nautilus 3.30 before 3.30.6 and 3.32 before 3.32.1. Impact: local sandbox escape; the issue is analogous to CVE-2019-10063....
CVE-2018-11461
Siemens SINUMERIK controllers (808D v4.7/v4.8, 828D v4.7 <SP6 HF1, 840D sl v4.7 <SP6 HF5, 840D sl v4.8
ICSA-18-345-02 Siemens SINUMERIK Controllers (Update A)
1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SINUMERIK Controllers
- Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls,...
CVE-2017-11461
CVE-2017-11461 concerns NetApp OnCommand Unified Manager for 7-mode (core package) prior to version 5.2.1. The issue is a UI redress/clickjacking vulnerability that could cause a user to perform an unintended action within the web interface. The affected software is the OnCommand Unified Manager ...