CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 4:18 a.m.•6 views

CVE-2019-11926

Insufficient boundary checks when processing MSOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions betwee...

9.8CVSS6.7AI score0.00974EPSS

Circl•added 2024/12/18 1:41 p.m.•1 views

CVE-2024-11926

creationtimestamp| type| source ---|---|--- 2024-12-18 13:41:54+00:00| seen| https://t.me/cvedetector/13196...

6.5CVSS8.7AI score0.00256EPSS

Cvelist•added 2024/12/18 11:9 a.m.•16 views

CVE-2024-11926 Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions

The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'stPartnerCreateServiceRental', 'stdeleteorderitem', 'stpartnerapprovebooking', 'saveorderitem', and 'userDenyEachInfo' functions in all versions up t...

6.5CVSS0.00256EPSS

Vulnrichment•added 2024/12/18 11:9 a.m.•10 views

CVE-2024-11926 Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions

6.5CVSS6.6AI score0.00256EPSS

Circl•added 2024/11/07 8:17 p.m.•3 views

CVE-2020-11926

creationtimestamp| type| source ---|---|--- 2024-11-07 20:17:13+00:00| seen| https://t.me/cvedetector/10124...

7.5CVSS4.8AI score0.00139EPSS

Cvelist•added 2024/11/07 12:0 a.m.•19 views

CVE-2020-11926

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information...

0.00139EPSS

Cvelist•added 2021/11/23 7:58 p.m.•6 views

CVE-2018-11926

...

CVE•added 2021/11/23 7:58 p.m.•21 views

CVE-2018-11926

This CVE entry is rejected/not used and does not represent an active vulnerability.

7.3AI score

NVD•added 2021/03/29 9:15 p.m.•10 views

CVE-2021-27242

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

8.8CVSS0.00093EPSS

Prion•added 2021/03/29 9:15 p.m.•14 views

Memory corruption

4.6CVSS8.7AI score0.00093EPSS

Exploits0References2Affected Software1

CVE•added 2021/03/29 9:5 p.m.•43 views

CVE-2021-27242

CVE-2021-27242 affects Parallels Desktop 16.0.1-48919. The issue is a memory corruption flaw in the Toolgate component that can be triggered by processing user-supplied data, enabling local attackers to escalate privileges and execute code with hypervisor context. Public sources (ZDI-21-209) desc...

8.8CVSS8.7AI score0.00093EPSS

Exploits0References2Affected Software1

Circl•added 2019/09/09 10:25 a.m.•1 views

CVE-2019-11926

creationtimestamp| type| source ---|---|--- 2019-09-09 10:25:21+00:00| seen| https://t.me/thehackernews/456...

9.8CVSS9AI score0.00974EPSS

The Hacker News•added 2019/09/09 8:12 a.m.•120 views

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file. The vulnerabilities reside in HHVM...

9.8CVSS3.4AI score0.00974EPSS

The Hacker News•added 2019/09/09 8:12 a.m.•3 views

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

9.8CVSS10AI score0.00974EPSS