100 matches found

Nuclei
added yesterday, 23 views

External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery

WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...

CVSS 6.5, AI score 6.6, EPSS 0.29346
Exploits: 1, References: 4

OpenVAS
added 2026/03/16 12:0 a.m., 0 views

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2026-1398)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.5, AI score 6.1, EPSS 0.00026
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 4 : php-5.3.3-22.AXS4 (AXSA:2013-117:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-117:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

CVSS 10, AI score 8.3, EPSS 0.32676
Exploits: 3, References: 4

RedhatCVE
added 2026/01/07 9:54 a.m., 10 views

CVE-2025-1398

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection...

CVSS 3.3, AI score 7.4, EPSS 0.00013
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-1398

Malware in sbrugna...

CVSS 5.9, AI score 5.7, EPSS 0.00539
Exploits: 0, References: 4

RedhatCVE
added 2025/05/22 5:37 a.m., 5 views

CVE-2019-1398

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397...

CVSS 8.4, AI score 7.9, EPSS 0.01005
Exploits: 0, References: 1

Circl
added 2025/03/17 3:24 p.m., 3 views

CVE-2025-1398

creationtimestamp | type | source
---|---|---
2025-03-17 15:24:20+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114178461483606694
2025-03-17 15:40:16+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lklihfzuve2v
2025-03-17 17:28:06+00:00 | seen | ...

CVSS 3.3, AI score 4.8, EPSS 0.00013
Exploits: 0, References: 4

CVE
added 2025/03/17 2:19 p.m., 85 views

CVE-2025-1398

Mattermost Desktop App (Mac) versions

CVSS 3.3, AI score 7.5, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/03/17 2:19 p.m., 8 views

CVE-2025-1398 macOS TCC Bypass via Code Injection

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection...

CVSS 3.3, EPSS 0.00013
Exploits: 0, References: 1

Vulnrichment
added 2025/03/17 2:19 p.m., 3 views

CVE-2025-1398 macOS TCC Bypass via Code Injection

Mattermost Desktop App versions <=5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection...

CVSS 3.3, AI score 4.4, EPSS 0.00013
Exploits: 0, References: 1

Tenable Nessus
added 2025/03/03 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2010-1398

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions,...

CVSS 9.3, AI score 8.2, EPSS 0.10443
Exploits: 0, References: 2

Circl
added 2024/03/02 2:21 p.m., 0 views

CVE-2024-1398

creationtimestamp | type | source
---|---|---
2024-03-02 14:21:53+00:00 | seen | https://t.me/ctinow/198368
2024-03-02 14:21:54+00:00 | seen | https://t.me/ctinow/198369
...

CVSS 6.4, AI score 7.2, EPSS 0.00206
Exploits: 0, References: 2

Cvelist
added 2024/03/02 12:39 p.m., 13 views

CVE-2024-1398 Ultimate Bootstrap Elements for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'heading_title_tag' and 'heading_sub_title_tag' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.4, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 4

CVE
added 2024/03/02 12:39 p.m., 66 views

CVE-2024-1398

CVE-2024-1398 affects the Ultimate Bootstrap Elements for Elementor plugin for WordPress. The vulnerability is Stored Cross-Site Scripting via the heading_title_tag and heading_sub_title_tag parameters in all versions up to 1.3.6, caused by insufficient input sanitization and output escaping. The...

CVSS 6.4, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 4, Affected Software: 1

Circl
added 2024/02/11 1:2 p.m., 2 views

CVE-2019-1398

creationtimestamp | type | source
---|---|---
2024-02-11 13:02:00+00:00 | seen | https://t.me/ctinow/182773
...

CVSS 8.4, AI score 7.9, EPSS 0.00742
Exploits: 0, References: 1

Circl
added 2023/03/14 5:23 p.m., 1 views

CVE-2023-1398

creationtimestamp | type | source
---|---|---
2023-03-14 17:23:35+00:00 | seen | https://t.me/cibsecurity/59975
...

CVSS 8.8, AI score 6.9, EPSS 0.00523
Exploits: 1, References: 1

CVE
added 2023/03/14 2:43 p.m., 41 views

CVE-2023-1398

CVE-2023-1398 affects XiaoBingBy TeaCMS 2.0. The vulnerability is a path traversal in the unknown functionality of the file egress point /admin/upload, exploitable remotely via traversal sequence '../filedir'. The vulnerability has been publicly disclosed (VDB-222985) and is referenced across mul...

CVSS 8.8, AI score 7.6, EPSS 0.00523
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2022/05/16 2:30 p.m., 100 views

CVE-2022-1398

CVE-2022-1398 affects the WordPress External Media without Import plugin (versions ≤ 1.1.2). Root cause: the plugin lacks authorization and does not ensure media added via URLs are external, enabling authenticated users (e.g., subscribers) to perform blind SSRF. Impact: authenticated blind SSRF w...

CVSS 6.5, AI score 6.4, EPSS 0.29346
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/05/16 2:30 p.m., 11 views

CVE-2022-1398 External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does not ensure that media added via URLs are external media, which could allow any authenticated user, such as a subscriber, to perform blind SSRF attacks...

AI score 6.6, EPSS 0.29346
Exploits: 1, References: 1

OpenVAS
added 2021/06/09 12:0 a.m., 24 views

SUSE: Security Advisory (SUSE-SU-2012:1210-1)

The remote host is missing an update for the...

CVSS 4.3, AI score 6.5, EPSS 0.07905
Exploits: 0, References: 2