135 matches found
CVE-2026-1306
creationtimestamp | type | source
---|---|---
2026-02-14 07:30:28+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116067809902051986
2026-02-14 07:30:30+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mesit5plum2m
2026-02-14 07:56:24+00:00 | seen | ...
CVE-2020-1306
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304,...
CVE-2025-1306 Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin function. This makes it possible for unauthenticated attackers to upload...
Oracle Linux 8 : gcc-toolset-13-gcc (ELSA-2025-1306)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1306 advisory. 13.3.1-2.2.0.1 - Merge Oracle patches to 13.3.1-2.2. gfortran needs install-info at installation time. Orabug: 36472775 13.3.1-2.2 - disable jQuery use, don't...
AlmaLinux 8 : gcc-toolset-13-gcc (ALSA-2025:1306)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:1306 advisory. jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023). Tenable has extracted the preceding description block directly...
CVE-2024-9251
creationtimestamp | type | source
---|---|---
2024-09-26 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-24-1306/...
SUSE: Security Advisory (SUSE-SU-2024:1306-1)
The remote host is missing an update for the...
CVE-2024-1306 Smart Forms < 2.6.94 - Edit Entries via CSRF
The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk...
CVE-2024-1306
CVE-2024-1306 affects the Smart Forms WordPress plugin prior to version 2.6.94. The Red Hat advisory and NVD entry describe a CSRF vulnerability where missing CSRF protections in certain actions allow logged-in users to be tricked into performing unintended actions (e.g., editing entries). Root c...
RHEL 9 : kernel-rt (RHSA-2024:1306)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1306 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Malicious code in wlwz-2312-1306 (npm)
Source: ghsa-malware 77d691b37721923600bfc7d3a91150d10b2362b93e2d147d5f56c1492ac7377e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-293 Malicious code in wlwz-2312-1306 (npm)
Source: ghsa-malware 77d691b37721923600bfc7d3a91150d10b2362b93e2d147d5f56c1492ac7377e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-1306
creationtimestamp | type | source
---|---|---
2023-03-21 19:59:30+00:00 | seen | https://t.me/cibsecurity/60397...
CVE-2023-1306
An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...
CVE-2023-1306 Rapid7 InsightCloudSec resource.db() method access
An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...
CVE-2023-1306
CVE-2023-1306 affects Rapid7 InsightCloudSec. An authenticated attacker could abuse an exposed resource.db() accessor to smuggle Python methods via a Jinja template, enabling code execution. Mitigation: upgrade to InsightCloudSec 23.2.1 (Self-Managed) or apply the managed/SaaS patch released on 2...
CVE-2022-1306
creationtimestamp | type | source
---|---|---
2022-07-25 18:33:18+00:00 | seen | https://t.me/cibsecurity/46915...
DEBIAN-CVE-2022-1306
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2022-1306
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...