SUSE SLES12 Security Update : clamav (SUSE-SU-2026:1324-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1324-1 advisory. Update to clamav 1.5.2: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service...

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVE-2026-1324

creationtimestamp| type| source ---|---|--- 2026-01-22 15:03:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mczhgjrpgg26 2026-01-22 16:01:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mczknhvjek2a...

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

EUVD-2026-1324

The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHPSELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

EUVD-2017-6681

Malware in sbrugna...

CVE-2013-1324

creationtimestamp| type| source ---|---|--- 2025-08-31 03:13:07+00:00| seen| MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...

Linux Distros Unpatched Vulnerability : CVE-2018-1324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and...

CVE-2022-1324

The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2003-1324

Race condition in the canopen function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group...

SUSE SLES15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2025:1324-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1324-1 advisory. - CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. bsc1240893 Tenable has extracted the...

CVE-2025-1324

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-1324

creationtimestamp| type| source ---|---|--- 2025-03-08 09:36:04+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6940 2025-03-08 12:35:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljujwouqxy2x 2025-03-08 13:30:56+00:00| seen| https://t.me/cvedetector/19894 2025-03-08...

CVE-2025-1324 WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-1324

CVE-2025-1324 affects the WordPress plugin WP-Recall – Registration, Profile, Commerce & More. It describes a Stored Cross-Site Scripting via the plugin’s shortcode public-form in all versions up to 16.26.10, caused by insufficient input sanitization and output escaping on user-provided attribute...

WordPress QQWorld Auto Save Images Plugin <= 1.9.8 is vulnerable to Broken Access Control

Software QQWorld Auto Save Images Type Plugin Vulnerable versions = 1.9.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1324 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 67a28d48882a Credits Francesco Carlucci...

CVE-2024-1324

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated...

CVE-2024-1324 QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated...

CVE-2024-1324 QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated...

CVE-2024-1324

CVE-2024-1324 affects QQWorld Auto Save Images (WordPress)