MiracleLinux 4 : bind-9.8.2-0.37.7.0.1.rc1.AXS4 (AXSA:2016-143:02)

"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-143:02 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...

CVE-2025-1286

The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2019-1286

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1252...

CVE-2025-1286

The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-1286

The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-1286 Download HTML TinyMCE Button <= 1.2 - Reflected XSS

The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-1286

The CVE refers to WordPress plugin Download HTML TinyMCE Button (versions

Linux Distros Unpatched Vulnerability : CVE-2022-1286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - heap-buffer-overflow in mrbvmexec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited...

Linux Distros Unpatched Vulnerability : CVE-2016-1286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service assertion failure and daemon exit via a...

CVE-2024-1286

creationtimestamp| type| source ---|---|--- 2024-07-30 09:02:54+00:00| seen| https://t.me/cvedetector/1993...

CVE-2024-1286

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site...

CVE-2024-1286 Paid Memberships Pro - Membership Maps Add On < 0.7 - Contributor+ Sensitive Information Disclosure

The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site...

WordPress Pmpro Membership Maps Plugin < 0.7 is vulnerable to Sensitive Data Exposure

Software Pmpro Membership Maps Type Plugin Vulnerable versions 0.7 Fixed in 0.7 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1286 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a7b3657c40ef Credits Scott Kingsley Clark...

Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

GHSA-P9CG-VQCC-GRCX Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

CVE-2023-5045

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Kayisi: before 1286...

PT-2023-31556

Name of the Vulnerable Software and Affected Versions Biltay Technology Kayisi versions prior to 1286 Description The issue is related to an SQL Injection vulnerability, which allows for the improper neutralization of special elements used in an SQL command. This can lead to SQL Injection and...

Siemens SINEC NMS Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2023-1286 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.5.19...

CVE-2023-1286 Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.5.19...