70 matches found
CVE-2026-1413
Sangfor Operation and Maintenance Security Management System up to 3.0.12 contains a command injection in the HTTP POST Request Handler’s portValidate function, located in /fort/ip_and_port/port_validate. An attacker can remotely manipulate the port argument to execute arbitrary commands. Multipl...
CVE-2012-1413
Cross-site scripting (XSS) vulnerability in zcinstall/includes/modules/pages/databasesetup/headerphp.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the dbusername parameter to zcinstall/index.php...
CVE-2025-1413
DaVinci Resolve on macOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
CVE-2025-1413
creationtimestamp| type| source
---|---|---
2025-02-28 09:27:20+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5851
2025-02-28 09:43:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lja4meodgz2w
2025-02-28 10:00:46+00:00| seen|...
CVE-2025-1413
CVE-2025-1413 affects DaVinci Resolve on macOS prior to 19.1.3. The root cause is incorrect file permissions (rwxrwxrwx) for the application, which can enable Dylib hijacking and privilege escalation for guest accounts, other users, and applications. The vulnerability is local, with high impact t...
CVE-2025-1413 Dylib Hijacking in DaVinci Resolve
DaVinci Resolve on macOS was found to be installed with incorrect file permissions rwxrwxrwx. This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and...
thelounge may publicly disclose all usernames/idents via port 113
Per RFC 1413, the unique identifying tuple includes not only the ports but also both addresses. Without the addresses, the information becomes both non-unique and public: - If multiple connections happen to use the same local port number, which is possible if the addresses differ, the usernam...
CVE-2024-1413
CVE-2024-1413 affects Exclusive Addons for Elementor (WordPress). The Countdown Timer widget is vulnerable to stored XSS in all versions up to 2.6.9 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (contributor+) and can cause script executio...
CVE-2019-1413
creationtimestamp| type| source
---|---|---
2024-02-11 16:07:13+00:00| seen| https://t.me/ctinow/182828...
GitLab 1.0.2 < 14.8.6 / 14.9.0 < 14.9.4 / 14.10.0 < 14.10.1 (CVE-2022-1413)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially...
CVE-2023-1413
creationtimestamp| type| source
---|---|---
2023-04-17 16:41:57+00:00| seen| https://t.me/cibsecurity/62282...
CVE-2023-1413
The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1413
CVE-2023-1413 concerns the WP VR WordPress plugin prior to version 8.2.9. The vulnerability is a reflected Cross-Site Scripting (XSS) caused by insufficient sanitisation/escaping of parameters before echoing them on output. This could be exploited against high-privilege users such as admins. Acco...
WordPress WP VR Plugin < 8.2.9 is vulnerable to Cross Site Scripting (XSS)
Software: WP VR; Type: Plugin; Vulnerable versions: 8.2.9; Fixed in: 8.2.9; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-1413; Patch priority: High; CVSS severity: High 7.1; Developer: WPFunnels Team; PSID: f109d593f865; Credits: Erwan LR WPScan; Required privilege...
GitLab 1.0.2 < 14.8.6, 14.9.0 < 14.9.4, 14.10.0 < 14.10.1 Multiple Vulnerabilities
GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...
CVE-2022-1413
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface...
CVE-2022-1413
CVE-2022-1413 — GitLab CE/EE input masking missing. The connected documents confirm a vulnerability in GitLab where missing input masking could disclose potentially sensitive integration properties in the web interface. Affected versions are: 1.0.2 up to but not including 14.8.6, 14.9.0 up to 14...