CVE-2026-1463

creationtimestamp| type| source ---|---|--- 2026-03-18 17:28:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhdz6cvhad2c...

CVE-2026-1463 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2026-1463)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2026-1463

wolfSSL Python module vulnerable to Improper Authentication...

CVE-2020-1463

An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'...

CVE-2019-1463

An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1400...

CVE-2025-1463

creationtimestamp| type| source ---|---|--- 2025-03-05 11:37:43+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6540 2025-03-05 14:26:12+00:00| seen| https://t.me/cvedetector/19627...

CVE-2025-1463 Spreadsheet Integration <= 3.8.2 - Cross-Site Request Forgery to Arbitrary Post Publish

The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to improper nonce validation within the class-wpgsi-show.php script. This makes it possible for unauthenticated attackers to publish arbitrary post...

CVE-2024-1463

CVE-2024-1463 corresponds to LearnPress – WordPress LMS Plugin. It enables Stored XSS via Course, Lesson, and Quiz titles/content due to insufficient input sanitization and output escaping in versions up to 4.2.6.3. Exploitation requires LP Instructor-level authentication; an attacker can inject ...

WordPress LearnPress Plugin <= 4.2.6.3 is vulnerable to Cross Site Scripting (XSS)

Software LearnPress Type Plugin Vulnerable versions = 4.2.6.3 Fixed in 4.2.6.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1463 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 652c7a60489a Credits drop Required privilege L...

CVE-2019-1463

creationtimestamp| type| source ---|---|--- 2024-03-09 14:46:19+00:00| seen| https://t.me/ctinow/203947...

CVE-2023-1463

creationtimestamp| type| source ---|---|--- 2023-03-17 15:45:46+00:00| seen| https://t.me/cibsecurity/60247 2025-02-26 15:26:09+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5506...

CVE-2023-1463 Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...

CVE-2023-1463 Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...

CVE-2023-1463

Affected software : TeamPass (nilsteampassnet/teampass) prior to version 3.0.0.23. Vulnerability : Improper authorization allowing an attacker to bypass security via a user-controlled key, effectively bypassing authorization checks. Root cause : Authorization bypass through a user-controlled key ...

Debian: Security Advisory (DLA-233-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2015-1463

ClamAV before 0.98.6 allows remote attackers to cause a denial of service crash via a crafted petite packer file, related to an "incorrect compiler optimization."...

CVE-2022-1463

The CVE-2022-1463 is tied to the WordPress Booking Calendar plugin (≤ 9.1). The vulnerability is an insecure deserialization/PHP Object Injection via the [bookingflextimeline] shortcode, allowing an attacker with subscriber-level privileges or higher to trigger arbitrary PHP object instantiation ...

PHP Object Injection Vulnerability in Booking Calendar Plugin

On April 18, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for an Object Injection vulnerability in the Booking Calendar plugin for WordPress, which has over 60,000 installations. We received a response the same day and sent over our full disclosure ear...

SUSE: Security Advisory (SUSE-SU-2015:0298-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...