128 matches found
MAL-2026-1665 Malicious code in browser-compat-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 601776b12bb397ecad770ec5b29505afb8704042ffdb079640eb6f0f1903edab The package browser-compat-data was found to contain malicious code...
CVE-2026-1665
creationtimestamp| type| source ---|---|--- 2026-01-30 02:10:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdm7wvs5ju2m...
CVE-2026-1665 Command Injection in nvm via NVM_AUTH_HEADER in wget code path
A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...
CVE-2026-1665
CVE-2026-1665 affects nvm (Node Version Manager) versions 0.40.3 and earlier. The vulnerability arises because the wget path in the nvm_download() function uses eval to execute commands and the NVM_AUTH_HEADER environment variable is not sanitized in that path (unlike the curl path). An attacker ...
CVE-2025-1665
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1665
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1665
creationtimestamp| type| source ---|---|--- 2025-04-01 05:31:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9838...
CVE-2025-1665 Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1665 Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Linux Distros Unpatched Vulnerability : CVE-2022-1665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it...
Linux Distros Unpatched Vulnerability : CVE-2013-1665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote...
CVE-2024-1665
...
Rocky Linux 8 : qt5 (RLSA-2020:1665)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1665 advisory. - An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. CVE-2018-19869 - An issue was...
Oracle Linux 8 : qt5 (ELSA-2020-1665)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1665 advisory. python-qt5 5.13.1-1 - 5.13.1 Resolves: bz1775603 qgnomeplatform 0.4-3 - Rebuild qt5 Resolves: bz1774418 qt5 5.12.5-3 - Re-add srpm macros, just leave...
CVE-2023-1665
creationtimestamp| type| source ---|---|--- 2023-03-28 02:26:34+00:00| seen| https://t.me/cibsecurity/60860 2023-03-28 13:16:28+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4061...
CVE-2023-1665
CVE-2023-1665 affects linagora/twake (versions prior to 0.0.0). The root cause is improper restriction of excessive authentication attempts, enabling brute-force login on the login endpoint (example PoC shows repeated login attempts against /internal/services/console/v1/login). Impact is high: po...
CVE-2023-1665 Improper Restriction of Excessive Authentication Attempts in linagora/twake
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0...
CVE-2023-1665 Improper Restriction of Excessive Authentication Attempts in linagora/twake
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0...
SUSE CVE-2013-0279
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1664, CVE-2013-1665. Reason: This candidate is a duplicate of CVE-2013-1664 and/or CVE-2013-1665. Notes: All CVE users should reference CVE-2013-1664 and/or CVE-2013-1665 instead of this candidate. All references and descriptions in this...
SUSE CVE-2013-0278
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1664, CVE-2013-1665. Reason: This candidate is a duplicate of CVE-2013-1664 and/or CVE-2013-1665. Notes: All CVE users should reference CVE-2013-1664 and/or CVE-2013-1665 instead of this candidate. All references and descriptions in this...