131 matches found
SUSE: Security Advisory (SUSE-SU-2026:1321-1)
The remote host is missing an update for the...
CVE-2026-1321
creationtimestamp | type | source
---|---|---
2026-03-05 08:16:51+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgcebicjpg2t
2026-03-05 11:11:23+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mgcnzmxg772h
2026-03-06 02:38:04+00:00 | seen | ...
MiracleLinux 8 : SDL-1.2.15-38.el8 (AXSA:2021-1321:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1321:01 advisory. SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572) SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c...
EUVD-2026-1321
The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Exploit for Prototype Pollution in Typeorm
CVE-2020-8158: TypeORM Prototype Pollution Vulnerability O...
EUVD-2007-5701
Malware in sbrugna...
CVE-2020-1321
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'...
CVE-2011-1321
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...
CVE-2024-1321
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...
CVE-2024-1321 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...
CVE-2024-1321
The CVE-2024-1321 entry concerns EventPrime – Events Calendar, Bookings and Tickets for WordPress. Affected versions (up to 3.4.2) allow unauthenticated users to update the payment status, enabling unauthenticated attendees to book events for free. Root cause: payment-status updates are permitted...
Oracle Linux 5 : nfs-utils (ELSA-2009-1321)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1321 advisory. 1.0.9-42 - mountd: Check host alias with netgroups bz 478952 - exportfs: fixed typo in man page bz 474848 - nfs.init: NFS server reboot results in 'Stale NFS fi...
CVE-2023-1321
creationtimestamp | type | source
---|---|---
2023-03-10 18:21:18+00:00 | seen | https://t.me/cibsecurity/59798
...
CVE-2023-1321
lmxcms 1.41 contains a SQL injection in AcquisiAction.class.php: the update function’s id parameter can be manipulated (example: -1 with updatexml(0,concat(0x7e,user()),1)#) to trigger remote exploitation. This vulnerability has been publicly disclosed. Some sources mention a workaround for lmxcm...
CVE-2023-1321 lmxcms AcquisiAction.class.php update sql injection
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be...
CVE-2023-1321 lmxcms AcquisiAction.class.php update sql injection
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be...
K49033153: Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322
Security Advisory Description. CVE-2018-1321: An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations,...
CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement...
CVE-2022-1321
The CVE-2022-1321 entry concerns miniOrange’s Google Authenticator WordPress plugin, versions before 5.5.6. The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of certain settings, enabling an administrator to inject JavaScript that executes ...
CVE-2022-1321 miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example ...