Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to an access control vulnerability in AFT web app (CVE-2026-1264)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed an access control security vulnerability. Vulnerability Details: CVEID: CVE-2026-1264. DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway allows a remote unauthenticated attacker to view and delete the...
EUVD-2026-1264
Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests...
TencentOS Server 4: vim (TSSA-2024:1005)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1005 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2024-1264
A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be...
CVE-2009-1264
Frontend User Registration srfeuserregister extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors...
WordPress Broken Link Checker by AIOSEO plugin <= 1.2.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by Christiaan Swiers YouGina in WordPress Plugin Broken Link Checker versions <= 1.2.3...
CVE-2025-1264
The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to SQL Injection via the 'orderBy' parameter in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-1264
creationtimestamp | type | source
---|---|---
2025-04-06 04:38:34+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10626
2025-04-06 09:12:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lm544knt4t26
2025-04-06 10:07:54+00:00 | seen | https://t.me/cvedetector/22216
...
CVE-2025-1264 Broken Link Checker by AIOSEO <= 1.2.3 - Authenticated (Contributor+) SQL Injection
The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to SQL Injection via the 'orderBy' parameter in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Linux Distros Unpatched Vulnerability : CVE-2023-1264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVE-2023-1264 Note that Nessus relies on the presence of the package as reported by the...
RHEL 8 : kernel (RHSA-2025:1264)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1264 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: uvcvideo: Skip parsing frames of...
EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2024-1264)
According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Intege...
CVE-2024-1264
creationtimestamp | type | source
---|---|---
2024-02-07 01:26:41+00:00 | seen | https://t.me/ctinow/180453
2024-03-01 09:11:14+00:00 | seen | https://t.me/ctinow/197402
...
CVE-2024-1264
Juanpao JPShop up to version 1.5.02 is affected. The vulnerability resides in the function actionUpdate of /api/controllers/common/UploadsController.php, where manipulating the argument imgage enables unrestricted file uploads. Exploitation is remote and publicly disclosed. Affected versions: JPS...
EulerOS 2.0 SP11 : vim (EulerOS-SA-2023-2672)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVE-2023-1264 - Use of Out-of-range Pointer Offset in GitHub repository...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2746)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2777)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2714)
The remote host is missing an update for the Huawei EulerOS...