146 matches found
CVE-2026-1660
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...
CVE-2026-1660
Removed by vendor...
CVE-2026-1660
creationtimestamp | type | source
---|---|---
2026-04-22 12:50:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jwdl7pl2u
2026-04-24 07:57:51+00:00 | seen | https://ccb.belgium.be/advisories/warning-11-new-vulnerabilities-gitlab-ce-and-ee-editions-patch-immediately...
CVE-2025-1660
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
EUVD-2007-1150
Malware in sbrugna...
CVE-2025-1660
creationtimestamp | type | source
---|---|---
2025-04-01 13:05:58+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114262852107639572
2025-04-01 13:05:58+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114262852107639572
2025-04-03 03:00:00+00:00 | seen | ...
CVE-2025-1660
CVE-2025-1660 describes a memory corruption vulnerability in Autodesk Navisworks when parsing a crafted DWFX file, allowing arbitrary code execution in the context of the current process. The issue arises from the DWFX parsing path and is exploitable locally, with user interaction required to tri...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1660)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2024-1660 Top Bar < 3.0.5 - Admin+ Stored XSS
The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-1660
CVE-2024-1660 affects the WordPress Top Bar plugin prior to 3.0.5, where certain settings were not properly sanitised/escaped in the UI, enabling Stored XSS by high-privilege users (e.g., Administrators) even if unfiltered_html is disabled (including multisite setups). The Red Hat advisory mirror...
WordPress Top Bar Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Top Bar; Type: Plugin; Vulnerable versions: < 3.0.5; Fixed in: 3.0.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1660; Patch priority: Low; CVSS severity: Low (5.9); PSID: 6c5d854410a5; Credits: Dmitrii Ignatyev; Required privileg...
Oracle Linux 8 : mod_auth_mellon (ELSA-2020-1660)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1660 advisory. - Resolves: rhbz#1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft (rhel-8) Tenab...
CVE-2023-1660
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF checks in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard...
CVE-2023-1660
The CVE-2023-1660 entry concerns the AI ChatBot WordPress plugin prior to version 4.4.9, which lacks authorization checks and CSRF protection in a function hooked to init. This allows unauthenticated users to modify certain settings, and the lack of proper escaping when these settings are output ...
CVE-2023-1660 ChatBot < 4.4.9 - Unauthenticated Stored XSS
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF checks in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard...
WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: ChatBot; Type: Plugin; Vulnerable versions: <= 4.4.8; Fixed in: 4.4.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1660; Patch priority: High; CVSS severity: High (7.1); PSID: 427a28b8a8ff; Credits: Erwan LR; Required privilege...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
SUSE CVE-2007-1660
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code...
Amazon Linux AMI : postgresql95 (ALAS-2023-1660)
The version of postgresql95 installed on the remote host is prior to 9.5.24-1.83. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1660 advisory. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a...
Keysight Technologies Sensor Management Server Deserialization RCE (CVE-2022-1660)
Binary data keysightsmscve-2022-1660.nbin...