Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1421)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1421 advisory. net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processe...
CVE-2026-1421
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-26 09:22:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdcw7cfi5m2r... |
CVE-2025-1421
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2025-1421 Formula injection in a CSV file in Proget MDM
Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC...
CVE-2024-1421
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-13 00:21:45+00:00 | seen | https://t.me/ctinow/206301 |
| 2024-03-13 00:26:49+00:00 | seen | https://t.me/ctinow/206304... |
CVE-2024-1421
CVE-2024-1421: HT Mega – Absolute Addons For Elementor stored XSS via the Post Carousel border_type in all versions
WordPress HT Mega Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: HT Mega; Type: Plugin; Vulnerable versions: = 2.4.4; Fixed in: 2.4.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1421; Patch priority: Low; CVSS severity: Low 6.5; Developer: HTMega; PSID: f7faf71f734f; Credits: wesley wcraft; Required privilege...
CVE-2023-1421
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter...
CVE-2023-1421
CVE-2023-1421 describes a reflected cross-site scripting (XSS) in Mattermost’s OAuth flow completion endpoints. The vulnerability allows an attacker to induce a victim to click a crafted link with a malicious state parameter, enabling the attacker to perform AJAX requests on behalf of the victim....
K17242: Linux kernel SCTP vulnerability CVE-2015-1421
Security Advisory Description: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT...
CVE-2022-1421 Discy < 5.2 - Settings Update via CSRF
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...
CVE-2022-1421
CVE-2022-1421 pertains to the Discy WordPress theme (versions prior to 5.2). The vulnerability is a cross-site request forgery (CSRF) flaw in certain AJAX actions that allows an authenticated attacker (with admin privileges) to modify settings, including payment methods. Impact is limited to admi...
EulerOS 2.0 SP9 : aide (EulerOS-SA-2022-1421)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata such as XFS extended attributes or tmpfs ACLs, because of...
Mageia: Security Advisory (MGASA-2015-0077)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2015-0070)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2015:1421-1)
The remote host is missing an update for the...
CVE-2021-1421
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
CVE-2021-1421 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
CVE-2021-1421
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a local command-injection vulnerability (CVE-2021-1421). An authenticated, non-privileged user in the restricted CLI can cause arbitrary OS commands to run with root privileges due to insufficient validation of input to a configuration...