111 matches found
MiracleLinux 3 : sudo-1.7.2p1-7.AXS3 (AXSA:2010-366:04)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-366:04 advisory. Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...
EUVD-2018-1646
Malware in sbrugna...
EUVD-2017-1646
Malware in sbrugna...
CVE-2022-1646
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2013-1646
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to...
CVE-2025-1646
creationtimestamp | type | source
---|---|---
2025-02-25 03:25:56+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5243
2025-02-25 04:00:29+00:00 | published-proof-of-concept | Telegram/cLStns7zsxwyvvp-SaqV5KswQNaeisOlZS-64fy21AIBfk
2025-02-25 05:08:07+00:00 | seen | ...
CVE-2025-1646
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...
CVE-2025-1646 Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...
CVE-2025-1646
Lumsoft ERP 8 contains a critical vulnerability in the ASPX File Handler component, specifically in the /Api/TinyMce/UploadAjaxAPI.ashx endpoint. The issue arises from manipulating the file argument, enabling unrestricted file uploads and remote exploitation. Public disclosure exists and has been...
RHEL 7 : qemu-kvm-rhev (RHSA-2018:1646)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1646 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...
CVE-2024-1646 Authentication Bypass in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized...
RHEL 8 : grafana (RHSA-2024:1646)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1646 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips/openssl:...
CVE-2023-1646
creationtimestamp | type | source
---|---|---
2023-03-27 02:39:24+00:00 | seen | https://t.me/cibsecurity/60773
...
CVE-2023-1646
A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to...
CVE-2023-1646
CVE-2023-1646 affects IObit Malware Fighter 9.4.0.776. The issue resides in the IOCTL Handler’s IMFCameraProtect.sys; manipulation of functions 0x8018E000/0x8018E004 causes a stack-based buffer overflow. Local exploitation is required; the exploit has been publicly disclosed. PT-2023-2360 notes a...
GHSA-7FW6-6MFJ-G3Q2 ckb: Transaction header_deps validation issue (network forking)
Impact: fn HeaderCheckercheckvalid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/files#diff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176 It will cause network forking if one transaction is using a forked block header which is...
Google Chrome Out-of-Bounds Read (CVE-2016-1646)
An out of bounds read vulnerability exists in Google Chrome. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information and create a denial of service condition on the affected system...
CVE-2022-1646
creationtimestamp | type | source
---|---|---
2022-05-30 12:18:03+00:00 | seen | https://t.me/cibsecurity/43541
...
CVE-2022-1646
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2022-1646
CVE-2022-1646 affects the WordPress plugin Simple Real Estate Pack (versions