118 matches found
CVE-2026-1502
creationtimestamp| type| source ---|---|--- 2026-04-11 02:20:32+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mj6rmgmnnj2t 2026-04-13 13:35:26+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjeyb3uf572r 2026-04-25 16:17:41+00:00| seen|...
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...
Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF
Seth Larson reports: HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF CVE-2026-1502...
CVE-2023-1502
A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/editcustomer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP5 AND...
CVE-2011-1502
Liferay Portal Community Edition CE 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity aka XXE issue...
Linux Distros Unpatched Vulnerability : CVE-2012-1502
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in the PyPAMconv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service application crash or...
CVE-2025-1502
creationtimestamp| type| source ---|---|--- 2025-03-01 07:27:01+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6056 2025-03-01 10:35:40+00:00| seen| https://t.me/cvedetector/19223 2025-03-02 11:46:31+00:00| seen| Telegram/SYJnK2bmd26YDUfk3CM5S85the-nA2ke8Nrf5MqkQnqkLfku...
CVE-2025-1502
CVE-2025-1502 affects the WordPress plugin IP2Location Redirection (versions up to and including 1.33.3). The issue is a missing capability check on the AJAX action download_ip2location_redirection_backup , allowing unauthenticated attackers to download the plugin’s settings. Public sources in th...
CVE-2025-1502 IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export
The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'downloadip2locationredirectionbackup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download...
CVE-2024-20083
In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1502)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 9 : grafana-pcp (ELSA-2024-1502)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1502 advisory. 5.1.1-2 - Rebuild with latest version of golang - resolves CVE-CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linu...
RHEL 9 : grafana-pcp (RHSA-2024:1502)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1502 advisory. grafana-pcp is an open source Grafana plugin for PCP. Security Fixes: grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decryptin...
CVE-2024-1502
CVE-2024-1502 affects Tutor LMS – eLearning and online course solution for WordPress. The vulnerability is caused by a missing capability check in the function tutor_delete_announcement(), impacting all versions up to and including 2.6.1. This allows authenticated attackers with subscriber-level ...
WordPress Tutor LMS Plugin <= 2.6.1 is vulnerable to Broken Access Control
Software Tutor LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1502 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cc73ea99f391 Credits Lucio Sá Required privilege Subscrib...
Malicious code in wlwz-2312-1502 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b419fbe7b34074ccbdb7a8d3f4ba78e4cf2ce4ec98b0890a6c00bf046cf4287d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-307 Malicious code in wlwz-2312-1502 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b419fbe7b34074ccbdb7a8d3f4ba78e4cf2ce4ec98b0890a6c00bf046cf4287d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-1502
creationtimestamp| type| source ---|---|--- 2023-03-20 11:34:02+00:00| seen| https://t.me/cibsecurity/60299...
CVE-2023-1502
CVE-2023-1502 affects SourceCodester Alphaware Simple E-Commerce System 1.0. The vulnerability is an SQL injection in the file function/edit_customer.php, triggered by manipulating the firstname/mi/lastname inputs (example payload: a' RLIKE SLEEP(5) AND 'dAbu'='dAbu). It can be exploited remotely...
CVE-2022-1502
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions...