130 matches found
CVE-2025-1384
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the...
CVE-2025-1384
creationtimestamp | type | source
---|---|---
2025-07-14 00:25:30+00:00 | seen | Telegram/ifFjR89w9yHAC5m7yBI-g-icO1O16AZK3sdaS047K6qdu4...
CVE-2025-1384 Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the...
CVE-2025-1384
CVE-2025-1384 affects Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio Software. The issue is a Least Privilege Violation (CWE-272) in the communications function between these products, allowing a remote attacker to gain unauthorized access and potentially execute arbitrary co...
CVE-2022-1384
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities...
CVE-2020-1384
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1359...
CVE-2019-1384
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'...
Linux Distros Unpatched Vulnerability : CVE-2014-1384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service memory...
CentOS 7 : nss (RHSA-2021:1384)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1384 advisory. - A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a...
CVE-2024-1384
creationtimestamp | type | source
---|---|---
2024-08-29 16:13:11+00:00 | seen | https://t.me/cvedetector/4397...
CVE-2024-1384 Premium Portfolio Features for Phlox theme <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-1384
CVE-2024-1384 is a stored XSS in the Premium Portfolio Features for Phlox theme plugin for WordPress. It affects all versions up to 2.3.3 and arises from insufficient input sanitization and output escaping on user-supplied attributes of the plugin’s aux_recent_portfolios_grid shortcode. An authen...
CVE-2019-1384
creationtimestamp | type | source
---|---|---
2024-02-11 15:06:52+00:00 | seen | https://t.me/ctinow/182808...
Oracle Linux 5 : pam_krb5 (ELSA-2010-0258)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0258 advisory. - don't vary the password prompt depending on whether or not the user exists or is known to the KDC CVE-2009-1384, 505265 Tenable has extracted the preceding...
CVE-2023-1384
creationtimestamp | type | source
---|---|---
2023-05-03 16:31:04+00:00 | seen | https://t.me/cibsecurity/63228
2023-06-27 08:55:40+00:00 | seen | https://t.me/androidMalware/1874...
CVE-2023-1384
The CVE-2023-1384 issue affects Amazon Fire TV Stick 3rd-gen devices (pre-6.2.9.5) and Insignia FireOS TVs (pre-7.6.3.3). The root cause is improper sanitization of the source parameter in the setMediaSource function of the amzn.thin.pl service, which can allow arbitrary JavaScript execution. Rem...
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing for arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...
SUSE CVE-2007-1799
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384...
SUSE CVE-2008-1384
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other...
Security Bulletin: Cross-site scripting vulnerability in Business Space affects IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2018-1384)
Summary Cross-site scripting vulnerability in Business Space allows a remote attacker to inject script. Vulnerability Details CVEID: CVE-2018-1384 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...