161 matches found
Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1420)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1420 advisory. SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 net/http: memory exhaustion in...
CVE-2026-1420
A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used...
CVE-2026-1420
creationtimestamp | type | source
---|---|---
2026-01-26 07:49:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdcqyu4zxi26
2026-01-26 15:11:04+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/115962037145287831...
CVE-2026-1420
CVE-2026-1420 affects Tenda AC23 routers (Firmware 16.03.07.52). The vulnerability is a buffer overflow in the /goform/WifiExtraSet function caused by manipulation of the wpapsk_crypto argument, enabling remote exploitation. Reports indicate the exploit has been published and may be used in the w...
CVE-2026-1420 Tenda AC23 WifiExtraSet buffer overflow
A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used...
MiracleLinux 9 : vim-8.2.2637-16.el9.2 (AXSA:2022-3986:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3986:05 advisory. vim: Use of Out-of-range Pointer Offset in vim CVE-2022-0554 vim: Heap-based Buffer Overflow occurs in vim CVE-2022-0943 vim: Out-of-range Pointer...
CVE-2023-1420
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...
CVE-2019-1420
An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1422, CVE-2019-1423...
CVE-2025-1420
CVE-2025-1420 affects Konsola Proget (server component of the MDM suite). The issue arises from unsanitized input in the activationMessage field, enabling a Stored Cross-Site Scripting attack by a high-privileged user. Estimated CVSS v4 base score 2.4 (LOW); attack vector Adjacent, privileges req...
CVE-2025-1420 XSS in Proget MDM
Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...
Linux Distros Unpatched Vulnerability : CVE-2022-1420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. CVE-2022-1420 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2015-1420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigg...
CentOS 7 : firefox (RHSA-2020:1420)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1420 advisory. - When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned...
CVE-2024-1420
creationtimestamp | type | source
---|---|---
2024-02-12 16:21:56+00:00 | seen | https://t.me/ctinow/183208...
CVE-2019-1420
creationtimestamp | type | source
---|---|---
2024-02-11 16:41:14+00:00 | seen | https://t.me/ctinow/182835...
CVE-2023-1420
creationtimestamp | type | source
---|---|---
2023-04-24 22:19:29+00:00 | seen | https://t.me/cibsecurity/62740...
CVE-2023-1420
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...
CVE-2023-1420
CVE-2023-1420 affects WordPress Ajax Search Lite (<= 4.11.0) and Ajax Search Pro (
CVE-2023-1420 Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...