
116 matches found

Tenable Nessus
added 2026/05/20 12:0 a.m., 5 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1666)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1666 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...

5.3 CVSS, 6.3 AI score, 0.00018 EPSS
Exploits 0, References 6

CVE
added 2026/02/18 6:42 a.m., 10 views

CVE-2026-1666

CVE-2026-1666 affects the WordPress Download Manager plugin. It is a Reflected Cross-Site Scripting vulnerability in the login form shortcode via the vulnerable redirect_to GET parameter, due to insufficient input sanitization and output escaping. Affected: all versions up to and including 3.3.46...

6.1 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits 0, References 5

RedhatCVE
added 2026/01/07 9:16 a.m., 10 views

CVE-2025-1666

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3 CVSS, 6.4 AI score, 0.00091 EPSS
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2018-1666

Malicious code in bioql PyPI...

4.3 CVSS, 6.6 AI score, 0.11388 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/05/23 3:0 a.m., 2 views

CVE-2023-1666

A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql...

9.8 CVSS, 8.2 AI score, 0.00297 EPSS
Exploits 1, References 1

NVD
added 2025/03/06 12:15 p.m., 11 views

CVE-2025-1666

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3 CVSS, 0.00091 EPSS
Exploits 0, References 3

Circl
added 2025/03/06 11:39 a.m., 0 views

CVE-2025-1666

creationtimestamp| type| source ---|---|--- 2025-03-06 11:39:29+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6664 2025-03-06 15:30:39+00:00| seen| https://t.me/cvedetector/19696...

4.3 CVSS, 8.7 AI score, 0.00091 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/03/06 11:11 a.m., 7 views

CVE-2025-1666 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3 CVSS, 6.7 AI score, 0.00091 EPSS
Exploits 0, References 3

Cvelist
added 2025/03/06 11:11 a.m., 13 views

CVE-2025-1666 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3 CVSS, 0.00091 EPSS
Exploits 0, References 3

OSV
added 2024/04/16 12:15 a.m., 18 views

CVE-2024-1666

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

5.3 CVSS, 6.7 AI score
Exploits 0, References 2

Vulnrichment
added 2024/04/16 12:0 a.m., 18 views

CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

7.5 CVSS, 6.7 AI score, 0.0009 EPSS
Exploits 1, References 2

CVE
added 2024/04/16 12:0 a.m., 53 views

CVE-2024-1666

CVE-2024-1666 affects lunary-ai/lunary 1.0.0, where an authorization flaw allows unauthorized radar creation. The root cause is missing server-side checks to verify a user’s paid/upgraded status during radar creation (enforced only in the web UI). Attackers can bypass account upgrade requirements...

7.5 CVSS, 7.5 AI score, 0.0009 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2024/04/16 12:0 a.m., 12 views

CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

7.5 CVSS, 7.7 AI score, 0.0009 EPSS
Exploits 1, References 2

Tenable Nessus
added 2023/09/07 12:0 a.m., 24 views

Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1666 advisory. - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of ap_some_auth_required with ap_some_authn_required and ap_force_authn hook CVE-2015-318...

5 CVSS, 6.5 AI score, 0.24118 EPSS
Exploits 0, References 5

OpenVAS
added 2023/04/27 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-1666)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS, 6.1 AI score, 0.00035 EPSS
Exploits 1, References 2

RedHat Linux
added 2023/04/05 7:42 p.m., 34 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

7.9 CVSS, 7.2 AI score, 0.00178 EPSS
Exploits 0, References 3

Tenable Nessus
added 2023/04/05 12:0 a.m., 49 views

RHEL 8 : kpatch-patch (RHSA-2023:1666)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1666 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

7.9 CVSS, 7.5 AI score, 0.00178 EPSS
Exploits 0, References 6

CVE
added 2023/03/27 9:0 p.m., 36 views

CVE-2023-1666

SourceCodester Automatic Question Paper Generator System 1.0 has a SQL injection vulnerability in the GET Parameter Handler, specifically in users/classes/view_class.php where manipulating the id parameter allows remote exploitation. The issue affects the view_class.php code path and is described...

9.8 CVSS, 8.4 AI score, 0.00297 EPSS
Exploits 1, References 3, Affected Software 1

SUSE CVE
added 2023/02/15 5:7 a.m., 1 views

SUSE CVE-2016-1666

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

9.8 CVSS, 9.5 AI score, 0.00777 EPSS
Exploits 0, References 7

Tenable Nessus
added 2023/01/24 12:0 a.m., 32 views

Amazon Linux AMI : hsqldb (ALAS-2023-1666)

The version of hsqldb installed on the remote host is prior to 1.8.1.3-1.13. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1666 advisory. Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be...

9.8 CVSS, 8.1 AI score, 0.70144 EPSS
Exploits 1, References 3