170 matches found
CVE-2026-1213
creationtimestamp| type| source ---|---|--- 2026-01-27 17:04:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdgajj2elk26...
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2...
CVE-2026-1213 Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2...
MiracleLinux 8 : python-rtslib-2.1.73-2.el8 (AXEA:2021-1213:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXEA:2021-1213:01 advisory. - Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus...
Google Chrome < 4.1.0.21 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 4.1.0.21. It is, therefore, affected by multiple vulnerabilities as referenced in the 201503stable-channel-update advisory. - Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM...
CVE-2020-1213
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260...
CVE-2025-1213
A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVE-2025-1213
CVE-2025-1213 affects PiHome 1.77. The vulnerability is a cross-site scripting (XSS) in an unknown functionality of /index.php triggered by manipulating the argument $_SERVER['PHP_SELF']. The attack can be launched remotely and the exploit has been disclosed publicly. Concrete details across conn...
CVE-2025-1213 pihome-shc PiHome index.php cross site scripting
A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVE-2025-1213 pihome-shc PiHome index.php cross site scripting
A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVE-2022-1213
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191...
CVE-2024-1213 Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esfinstasaveaccesstoken and efblsavefacebookaccesstoken...
CVE-2024-1213
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box WordPress plugin is affected by a CSRF vulnerability (CVE-2024-1213) affecting all versions up to 6.5.4, caused by missing or incorrect nonce validation in esf_insta_save_access_token and efbl_save_facebook_access_token. This ena...
WordPress Easy Social Feed Plugin <= 6.5.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy Social Feed Type Plugin Vulnerable versions = 6.5.4 Fixed in 6.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1213 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 08e633917104 Credits Eldar Zeynalli...
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0068-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : alsa-plugins / attract-mode / audacious-plugins / blender / etc (2023-a5e10b188a)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-a5e10b188a advisory. FFmpeg 6.0 upgrade. ---- update to 111.0.5563.64. Fixes the following security issues: CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930...
openSUSE 15 Security Update : opera (openSUSE-SU-2023:0114-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0114-1 advisory. - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a...
Mageia: Security Advisory (MGASA-2023-0090)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 36 : chromium (2023-015e4d696d)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-015e4d696d advisory. update to 111.0.5563.64. Fixes the following security issues: CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932...
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Mar 2023)
This host is missing an important security update according to Microsoft Edge Chromium-Based updates. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...