107 matches found
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. id:...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2026-1209)
The remote host is missing an update for the Huawei EulerOS...
EUVD-2026-1209
A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
EUVD-2015-1209
Malware in sbrugna...
CVE-2023-1209
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...
CVE-2019-1209
An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'...
Linux Distros Unpatched Vulnerability : CVE-2015-1209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in...
CVE-2025-1209
creationtimestamp | type | source
---|---|---
2025-02-12 17:15:49+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyofvvguz2g
2025-02-12 20:14:15+00:00 | seen | https://t.me/cvedetector/17917

...
RHEL 9 : tbb (RHSA-2025:1209)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1209 advisory. Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance...
CentOS 7 : qemu-kvm-ma (RHSA-2020:1209)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1209 advisory. - In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. (CVE-2020-8608) Note that Nessus...
CVE-2024-1209
creationtimestamp | type | source
---|---|---
2024-02-14 19:16:21+00:00 | seen | https://t.me/ctinow/184928
2024-02-21 21:13:12+00:00 | seen | https://t.me/arpsyndicate/3862
2024-02-25 14:46:18+00:00 | seen | https://t.me/ctinow/192895

...
CVE-2024-1209
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...
CVE-2024-1209
CVE-2024-1209 affects LearnDash LMS for WordPress. Affected versions are all releases up to and including 4.10.1, where direct file access and insufficient protection of uploaded assignments allow unauthenticated access to sensitive uploads, constituting Sensitive Information Exposure. The issue ...
WordPress LearnDash LMS Plugin <= 4.10.1 is vulnerable to Sensitive Data Exposure
Software: LearnDash LMS; Type: Plugin; Vulnerable versions: <= 4.10.1; Fixed in: 4.10.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-1209; Patch priority: Low; CVSS severity: Low (5.3); PSID: b49f2746f70f; Credits: Karl Emil Nikka; Required...
rialinna.bonsait.fi Cross Site Scripting vulnerability OBB-3751352
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass (CVE-2013-1209)
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via...
CVE-2023-1209
creationtimestamp | type | source
---|---|---
2023-05-23 20:26:37+00:00 | seen | https://t.me/cibsecurity/64643
2025-01-17 17:57:08+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2175

...
CVE-2023-1209
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...
CVE-2023-1209
The CVE-2023-1209 entry describes a Cross-Site Scripting (XSS) vulnerability in ServiceNow records that can be exploited by an authenticated attacker to inject arbitrary scripts. Affected software is ServiceNow (the platform's records handling), with the root cause described as XSS in the records...
CVE-2023-1209
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...