RHEL 9 : thunderbird (RHSA-2026:1415)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:1415 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component...

CVE-2026-1415

creationtimestamp| type| source ---|---|--- 2026-01-26 03:18:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdcbvaumbc2h...

EUVD-2025-16000

Malicious code in bioql PyPI...

CVE-2025-1415

A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...

CVE-2019-1415

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege...

CVE-2025-1415

creationtimestamp| type| source ---|---|--- 2025-05-21 13:42:35+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17113...

CVE-2025-1415

A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...

CVE-2025-1415 Information disclosure in Proget MDM

A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...

CVE-2025-1415

In Proget MDM, the CVE-2025-1415 issue concerns a low-privileged user who can retrieve information about tasks run on managed devices and obtain device UUIDs needed for exploitation of CVE-2025-1416. The attack requires knowing a task_id, but brute-forcing is possible due to lack of request limit...

CVE-2024-1415 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attacker...

CVE-2024-1415

CVE-2024-1415 affects the WordPress plugin Responsive Contact Form Builder & Lead Generation (lead-form-builder) up to version 1.8.9. Root cause: missing/incorrect nonce validation enables CSRF, allowing unauthenticated users to trigger actions (form deletion, lead signup, file upload) by trickin...

CVE-2010-1415

creationtimestamp| type| source ---|---|--- 2024-03-25 11:49:23+00:00| seen| https://t.me/ETHICALHACKERSCOMMUNITY2/3889 2024-03-25 14:38:09+00:00| seen| Telegram/HKj6TR4hMohrGsEUcNFDijNGdim3MCZhggfzha3EYtXw 2024-03-25 14:38:09+00:00| seen| https://t.me/tengkorakcybercrewz/4400 2024-03-25...

RHEL 8 : edk2 (RHSA-2024:1415)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1415 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

CVE-2019-1415

creationtimestamp| type| source ---|---|--- 2024-02-11 16:07:14+00:00| seen| https://t.me/ctinow/182829...

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

CVE-2022-1415

CVE-2022-1415 corresponds to Drools core deserialization vulnerability. Affected component: KIE Drools (Drools core) where improper safeguards during data deserialization allow an authenticated attacker to craft serialized objects (gadgets) and execute arbitrary code on the server. Documented imp...

CVE-2022-1415 Drools: unsafe data deserialization in streamutils

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

CVE-2023-1415

creationtimestamp| type| source ---|---|--- 2023-03-15 19:55:35+00:00| seen| https://t.me/cibsecurity/60071...

CVE-2023-1415

A vulnerability was found in Simple Art Gallery 1.0. It has been declared as critical. This vulnerability affects the function sliderPicSubmit of the file adminHome.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-223126 is the identifier assigned to...