Huawei EulerOS: Security Advisory for python-ldap (EulerOS-SA-2026-1408)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-1408

creationtimestamp| type| source ---|---|--- 2026-01-26 03:47:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdcdjol2js2n...

CVE-2026-1408

CVE-2026-1408 affects Beetel 777VR1 (firmware up to 01.00.09/01.00.09_55) in its UART Interface code. The disclosed weakness allows manipulation that can enforce weaker password requirements on a physically targetable device. The attack requires physical access and is described as high complexity...

CVE-2026-1408

A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.0955. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password requirements. The physical device can be targeted for the attack. The attack requires a high level...

CVE-2024-1408

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...

CVE-2020-1408

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'...

CVE-2019-1408

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1434...

CVE-2025-1408

creationtimestamp| type| source ---|---|--- 2025-03-22 07:38:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkx7uy4bdy2w 2025-03-22 08:42:03+00:00| seen| https://t.me/cvedetector/20852...

CVE-2025-1408

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdeclinejoingrouprequest and pmapprovejoingrouprequest functions in all versions up to, and including, 5.9.4.4. This makes it...

CVE-2025-1408

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdeclinejoingrouprequest and pmapprovejoingrouprequest functions in all versions up to, and including, 5.9.4.4. This makes it...

CVE-2024-1408

creationtimestamp| type| source ---|---|--- 2024-03-08 14:21:58+00:00| seen| https://t.me/ctinow/203334...

CVE-2024-1408

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...

CVE-2024-1408

The CVE concerns the WordPress ProfilePress (Paid Membership Plugin) for ProfilePress plugin in WordPress, affected up to version 4.14.4. The vulnerability is a Stored Cross-Site Scripting through the edit-profile-text-box shortcode caused by insufficient input sanitization and output escaping on...

WordPress ProfilePress Plugin <= 4.14.4 is vulnerable to Cross Site Scripting (XSS)

Software ProfilePress Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.15.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1408 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e58197c858c8 Credits Arkadiusz Hydzik Required...

CVE-2019-1408

creationtimestamp| type| source ---|---|--- 2024-02-11 15:36:55+00:00| seen| https://t.me/ctinow/182821...

MAL-2024-304 Malicious code in wlwz-2312-1408 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5190b983aa24f078ba46c6d63efbad3f80fc05d58e83dc9c99a5f2624cc56f62 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wlwz-2312-1408 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5190b983aa24f078ba46c6d63efbad3f80fc05d58e83dc9c99a5f2624cc56f62 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

RHCOS 4 : OpenShift Container Platform 4.12.9 (RHSA-2023:1408)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1408 advisory. - capnproto: out of bounds read when handling a list of lists. CVE-2022-46149 Note that Nessus has not tested for this issue but has instead...

node-js-1408 (=1.0.0), node-js-1409 (=1.0.0) potentially affected by CVE-2023-39619 via node-email-check (=1.0.4)

node-email-check NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on node-email-check and may be impacted: - node-js-1408 =1.0.0 - node-js-1409 =1.0.0 Source cves: CVE-2023-39619 Source advisory: OSV:GHSA-9242-6P36-6256...

CVE-2023-1408 Video List Manager <= 1.7 - Admin+ SQL Injection

The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...