97 matches found
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1421)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1421 advisory. net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processe...
CVE-2026-1421
creationtimestamp | type | source
---|---|---
2026-01-26 09:22:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdcw7cfi5m2r...
CVE-2025-1421
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2025-1421 Formula injection in a CSV file in Proget MDM
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2024-1421
creationtimestamp | type | source
---|---|---
2024-03-13 00:21:45+00:00 | seen | https://t.me/ctinow/206301
2024-03-13 00:26:49+00:00 | seen | https://t.me/ctinow/206304...
CVE-2024-1421
CVE-2024-1421: HT Mega – Absolute Addons For Elementor stored XSS via the Post Carousel border_type in all versions
WordPress HT Mega Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: HT Mega; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: 2.4.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1421; Patch priority: Low; CVSS severity: Low (6.5); Developer: HTMega; PSID: f7faf71f734f; Credits: wesley wcraft; Required privilege...
CVE-2023-1421
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter...
CVE-2023-1421
CVE-2023-1421 describes a reflected cross-site scripting (XSS) in Mattermost’s OAuth flow completion endpoints. The vulnerability allows an attacker to induce a victim to click a crafted link with a malicious state parameter, enabling the attacker to perform AJAX requests on behalf of the victim....
K17242: Linux kernel SCTP vulnerability CVE-2015-1421
Security Advisory Description: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT...
CVE-2022-1421
CVE-2022-1421 pertains to the Discy WordPress theme (versions prior to 5.2). The vulnerability is a cross-site request forgery (CSRF) flaw in certain AJAX actions that allows an authenticated attacker (with admin privileges) to modify settings, including payment methods. Impact is limited to admi...
CVE-2022-1421 Discy < 5.2 - Settings Update via CSRF
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...
EulerOS 2.0 SP9 : aide (EulerOS-SA-2022-1421)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of...
Mageia: Security Advisory (MGASA-2015-0070)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
Mageia: Security Advisory (MGASA-2015-0077)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2015:1421-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...
CVE-2021-1421
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
CVE-2021-1421
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a local command-injection vulnerability (CVE-2021-1421). An authenticated, non-privileged user in the restricted CLI can cause arbitrary OS commands to run with root privileges due to insufficient validation of input to a configuration...
CVE-2021-1421 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...