Lucene search
+L

118 matches found

Circl
Circl
added 2026/04/11 2:20 a.m.4 views

CVE-2026-1502

creationtimestamp| type| source ---|---|--- 2026-04-11 02:20:32+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mj6rmgmnnj2t 2026-04-13 13:35:26+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mjeyb3uf572r 2026-04-25 16:17:41+00:00| seen|...

5.7CVSS4.7AI score0.00562EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/10 5:54 p.m.5 views

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2026/03/20 12:0 a.m.11 views

Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF

Seth Larson reports: HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF CVE-2026-1502...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:13 a.m.11 views

CVE-2023-1502

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/editcustomer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP5 AND...

8.1CVSS7.3AI score0.00608EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:47 a.m.9 views

CVE-2011-1502

Liferay Portal Community Edition CE 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity aka XXE issue...

4CVSS6.6AI score0.01826EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2012-1502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in the PyPAMconv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service application crash or...

7.5CVSS6.2AI score0.14294EPSS
Exploits6References2
Circl
Circl
added 2025/03/01 7:27 a.m.6 views

CVE-2025-1502

creationtimestamp| type| source ---|---|--- 2025-03-01 07:27:01+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6056 2025-03-01 10:35:40+00:00| seen| https://t.me/cvedetector/19223 2025-03-02 11:46:31+00:00| seen| Telegram/SYJnK2bmd26YDUfk3CM5S85the-nA2ke8Nrf5MqkQnqkLfku...

5.3CVSS8.7AI score0.00275EPSS
Exploits0References2
CVE
CVE
added 2025/03/01 6:39 a.m.64 views

CVE-2025-1502

CVE-2025-1502 affects the WordPress plugin IP2Location Redirection (versions up to and including 1.33.3). The issue is a missing capability check on the AJAX action download_ip2location_redirection_backup , allowing unauthenticated attackers to download the plugin’s settings. Public sources in th...

5.3CVSS6.8AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/01 6:39 a.m.4 views

CVE-2025-1502 IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export

The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'downloadip2locationredirectionbackup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download...

5.3CVSS5.2AI score0.00275EPSS
Exploits0References2
OSV
OSV
added 2024/08/14 3:15 a.m.4 views

CVE-2024-20083

In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502...

9.8CVSS5.9AI score0.00261EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/04/08 12:0 a.m.34 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1502)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8AI score0.99995EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/26 12:0 a.m.24 views

Oracle Linux 9 : grafana-pcp (ELSA-2024-1502)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-1502 advisory. 5.1.1-2 - Rebuild with latest version of golang - resolves CVE-CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linu...

7.5CVSS8.1AI score0.01533EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/25 12:0 a.m.32 views

RHEL 9 : grafana-pcp (RHSA-2024:1502)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1502 advisory. grafana-pcp is an open source Grafana plugin for PCP. Security Fixes: grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decryptin...

7.5CVSS8.2AI score0.01533EPSS
Exploits0References3
CVE
CVE
added 2024/03/12 11:33 p.m.52 views

CVE-2024-1502

CVE-2024-1502 affects Tutor LMS – eLearning and online course solution for WordPress. The vulnerability is caused by a missing capability check in the function tutor_delete_announcement(), impacting all versions up to and including 2.6.1. This allows authenticated attackers with subscriber-level ...

5.4CVSS8.9AI score0.00428EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/03/12 12:0 a.m.11 views

WordPress Tutor LMS Plugin <= 2.6.1 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in 2.6.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1502 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cc73ea99f391 Credits Lucio Sá Required privilege Subscrib...

5.4CVSS6.6AI score0.00428EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/01/24 8:23 p.m.4 views

Malicious code in wlwz-2312-1502 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b419fbe7b34074ccbdb7a8d3f4ba78e4cf2ce4ec98b0890a6c00bf046cf4287d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/01/24 8:23 p.m.6 views

MAL-2024-307 Malicious code in wlwz-2312-1502 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b419fbe7b34074ccbdb7a8d3f4ba78e4cf2ce4ec98b0890a6c00bf046cf4287d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Circl
Circl
added 2023/03/20 11:34 a.m.7 views

CVE-2023-1502

creationtimestamp| type| source ---|---|--- 2023-03-20 11:34:02+00:00| seen| https://t.me/cibsecurity/60299...

8.1CVSS6.3AI score0.00608EPSS
Exploits1References1
CVE
CVE
added 2023/03/20 8:0 a.m.60 views

CVE-2023-1502

CVE-2023-1502 affects SourceCodester Alphaware Simple E-Commerce System 1.0. The vulnerability is an SQL injection in the file function/edit_customer.php, triggered by manipulating the firstname/mi/lastname inputs (example payload: a' RLIKE SLEEP(5) AND 'dAbu'='dAbu). It can be exploited remotely...

8.1CVSS7AI score0.00608EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/04 7:15 a.m.4 views

CVE-2022-1502

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions...

4.3CVSS5.8AI score0.00502EPSS
Exploits0References1
Rows per page
Query Builder