Lucene search

91 matches found

Circl
added 2026/01/30 7:17 p.m. | 1 views

CVE-2026-1689

creationtimestamp | type | source
---|---|---
2026-01-30 19:17:59+00:00 | seen | Telegram/xCNGj1TTbKvLiecfleQbdSYCUg38GbVRhl26GliyFWoGt0...

CVSS 7.5 | AI score 7.3 | EPSS 0.04827
Exploits: 1
RedhatCVE
added 2026/01/07 9:17 a.m. | 6 views

CVE-2025-1689

The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:31 p.m. | 4 views

CVE-2022-1689

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection...

CVSS 4 | AI score 6.9 | EPSS 0.00181
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 12:37 p.m. | 9 views

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...

CVSS 6.4 | AI score 6.1 | EPSS 0.59398
Exploits: 2 | References: 1
Circl
added 2025/02/27 10:22 a.m. | 3 views

CVE-2025-1689

creationtimestamp | type | source
---|---|---
2025-02-27 10:22:17+00:00 | seen | https://t.me/cvedetector/19028
2025-08-22 14:52:22+00:00 | seen | MISP/24306fae-b16b-4478-9297-d2973cdb583c...

CVSS 6.4 | AI score 8.7 | EPSS 0.00155
Exploits: 0 | References: 1
OSV
added 2025/02/27 7:15 a.m. | 3 views

CVE-2025-1689

The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 3
Vulnrichment
added 2025/02/27 6:48 a.m. | 4 views

CVE-2025-1689 ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 3
NVD
added 2024/06/07 2:15 a.m. | 12 views

CVE-2024-1689

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...

CVSS 4.3 | EPSS 0.00209
Exploits: 0 | References: 3
Vulnrichment
added 2024/06/07 2:2 a.m. | 30 views

CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...

CVSS 4.3 | AI score 6.6 | EPSS 0.00209
Exploits: 0 | References: 3
Patchstack
added 2024/06/06 12:0 a.m. | 8 views

WordPress WooCommerce Tools Plugin <= 1.2.9 is vulnerable to Broken Access Control

Software: WooCommerce Tools; Type: Plugin; Vulnerable versions: = 1.2.9; Fixed in: 1.2.10; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1689; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: dd5e30ec3dbb; Credits: Lucio Sá; Required privilege...

CVSS 5.3 | AI score 6.6 | EPSS 0.00209
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2024/04/08 8:47 a.m. | 19 views

Important: Red Hat Security Advisory: rh-varnish6-varnish security update

An update for rh-varnish6-varnish is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.2 | EPSS 0.00071
Exploits: 0 | References: 2
Tenable Nessus
added 2024/04/08 12:0 a.m. | 19 views

RHEL 7 : rh-varnish6-varnish (RHSA-2024:1689)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1689 advisory. Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and ov...

CVSS 7.5 | AI score 7.3 | EPSS 0.00071
Exploits: 0 | References: 4
Tenable Nessus
added 2023/05/07 12:0 a.m. | 37 views

EulerOS Virtualization 3.0.2.0 : edk2 (EulerOS-SA-2023-1689)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An unlimited recursion in DxeCore in EDK II. CVE-2021-28210 - NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...

CVSS 9.8 | AI score 6.9 | EPSS 0.00532
Exploits: 2 | References: 4
Circl
added 2023/03/29 2:15 p.m. | 0 views

CVE-2023-1689

creationtimestamp | type | source
---|---|---
2023-03-29 14:15:23+00:00 | seen | https://t.me/cibsecurity/60999...

CVSS 6.1 | AI score 4.7 | EPSS 0.00195
Exploits: 0 | References: 1
CVE
added 2023/03/29 10:0 a.m. | 47 views

CVE-2023-1689

CVE-2023-1689 affects SourceCodester Earnings and Expense Tracker App 1.0. The vulnerability is in Master.php?a=save_earning, where manipulation of the argument name enables cross-site scripting (XSS). The issue can be exploited remotely; exploitation status is not provided in the documents. CVSS...

CVSS 6.1 | AI score 4.9 | EPSS 0.00195
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2023/03/08 12:0 a.m. | 11 views

Debian: Security Advisory (DSA-2220-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.6 | EPSS 0.01122
Exploits: 0 | References: 3
Tenable Nessus
added 2023/02/23 12:0 a.m. | 25 views

Amazon Linux AMI : xorg-x11-server (ALAS-2023-1689)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1689 advisory. A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data,...

CVSS 8.8 | AI score 8.4 | EPSS 0.01237
Exploits: 0 | References: 16
SUSE CVE
added 2023/02/15 5:7 a.m. | 1 views

SUSE CVE-2016-1689

Heap-based buffer overflow in content/renderer/media/canvascapturehandler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site...

CVSS 6.5 | AI score 9.6 | EPSS 0.01411
Exploits: 0 | References: 6
ATTACKERKB
added 2022/06/08 10:15 a.m. | 2 views

CVE-2022-1689

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection...

CVSS 4 | AI score 5.8 | EPSS 0.00181
Exploits: 2 | References: 3
CVE
added 2022/06/06 8:51 a.m. | 67 views

CVE-2022-1689

The CVE-2022-1689 entry concerns the WordPress Note Press plugin (versions

CVSS 4 | AI score 3.7 | EPSS 0.00181
Exploits: 2 | References: 2 | Affected Software: 1