
142 matches found

SUSE CVE
added 6 days ago, 6 views

SUSE CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response. usblp_ctrl_msg collapses the usb_control_msg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET_DEVICE...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 2

OSV
added 2026/05/28 10:16 a.m., 2 views

UBUNTU-CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response. usblp_ctrl_msg collapses the usb_control_msg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET_DEVICE...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 8

Debian CVE
added 2026/05/28 9:36 a.m., 3 views

CVE-2026-46151

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response. usblp_ctrl_msg collapses the usb_control_msg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET_DEVICE...

AI score: 5.8, EPSS: 0.00032
Exploits: 0

EUVD
added 2026/05/28 9:36 a.m., 2 views

EUVD-2026-32778

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response. usblp_ctrl_msg collapses the usb_control_msg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET_DEVICE...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 5

CVE
added 2026/05/28 9:36 a.m., 8 views

CVE-2026-46151

The CVE-2026-46151 issue affects the Linux kernel usb: usblp driver. A vulnerable path in usblp_ctrl_msg() discards the actual bytes transferred, enabling a short GET_DEVICE_ID transfer to be misinterpreted. The cache_device_id_string() reads a 2-byte big-endian length from the response and trust...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 8

Positive Technologies
added 2026/05/28 12:0 a.m., 4 views

PT-2026-44274

In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response. usblp_ctrl_msg collapses the usb_control_msg return value to 0/-errno, discarding the actual number of bytes transferred. A broken printer can complete the GET...

AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 6

Vulnrichment
added 2026/02/26 5:3 p.m., 1 views

CVE-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00075
Exploits: 0, References: 1

Circl
added 2026/01/26 3:0 p.m., 2 views

CVE-2026-1284

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-26 15:00:30+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mddj4ce5yz23 |
| 2026-01-26 17:24:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mddr5towvi2m |
| 2026-02-13 05:00:00+00:00 | seen | ... |

CVSS: 7.8, AI score: 7.5, EPSS: 0.00015
Exploits: 0, References: 3

ATTACKERKB
added 2026/01/26 1:25 p.m., 2 views

CVE-2026-1284

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS: 7.8, AI score: 6, EPSS: 0.00015
Exploits: 0, References: 2

EUVD
added 2026/01/07 7:17 a.m., 0 views

EUVD-2026-1284

The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 4.4, AI score: 4.6, EPSS: 0.00013
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/22 12:0 a.m., 2 views

Amazon Linux 2023 : firefox (ALAS2023-2025-1284)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1284 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

AI score: 5.5
Exploits: 0, References: 2

OSV
added 2025/09/15 1:11 a.m., 1 views

ECHO-6847-1284-2E4E

Bulletin has no description...

CVSS: 5.5, AI score: 8.8, EPSS: 0.00014
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 3:58 p.m., 4 views

CVE-2020-1284

A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Denial of Service Vulnerability'...

CVSS: 6.5, AI score: 6.6, EPSS: 0.16025
Exploits: 0

Circl
added 2025/04/24 9:12 a.m., 5 views

CVE-2025-1284

| creationtimestamp | type | source |
|---|---|---|
| 2025-04-24 09:12:24+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13207 |
| 2025-04-24 13:03:56+00:00 | seen | https://t.me/cvedetector/23668 |
| 2025-04-24 14:19:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnkvntudhh24... |

CVSS: 4.3, AI score: 8.7, EPSS: 0.00093
Exploits: 0, References: 3

Vulnrichment
added 2025/04/24 8:23 a.m., 5 views

CVE-2025-1284 Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure

The Woocommerce Automatic Order Printing | (Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This make...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00093
Exploits: 0, References: 2

CVE
added 2025/04/24 8:23 a.m., 48 views

CVE-2025-1284

CVE-2025-1284 affects the WordPress plugin “Woocommerce Automatic Order Printing” (formerly WooCommerce Google Cloud Print), vulnerable up to version 4.1 due to missing validation on a user-controlled key in the xc_woo_printer_preview AJAX action. The issue is an Insecure Direct Object Reference ...

CVSS: 4.3, AI score: 4.2, EPSS: 0.00093
Exploits: 0, References: 2

Patchstack
added 2025/04/23 8:43 p.m., 3 views

WordPress Woocommerce Automatic Order Printing plugin <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure vulnerability discovered by Lucio Sá in WordPress Plugin Woocommerce Automatic Order Printing (versions <= 4.1)...

CVSS: 4.3, AI score: 7.7, EPSS: 0.00093
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-1284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromi...

CVSS: 9.8, AI score: 8.1, EPSS: 0.00827
Exploits: 0, References: 2

ICS
added 2024/10/17 6:0 a.m., 10 views

Mitsubishi Electric CNC Series (Update C)

1. EXECUTIVE SUMMARY: CVSS v3 5.9; ATTENTION: Exploitable remotely; Vendor: Mitsubishi Electric; Equipment: CNC Series; Vulnerability: Improper Validation of Specified Quantity in Input. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated remote...

CVSS: 5.9, AI score: 6.3, EPSS: 0.00539
Exploits: 0, References: 14

Tenable Nessus
added 2024/10/09 12:0 a.m., 22 views

CentOS 7 : firefox (RHSA-2022:1284)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1284 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free a...

CVSS: 8.8, AI score: 7.9, EPSS: 0.15741
Exploits: 7, References: 9