CVE-2026-1706

creationtimestamp| type| source ---|---|--- 2026-03-04 12:31:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgabzcdkma2v...

CVE-2026-1706

CVE-2026-1706 : All-in-One Video Gallery for WordPress has a Reflected Cross-Site Scripting flaw via the vi parameter in versions up to 4.7.1. Insufficient input sanitization/output escaping allows unauthenticated attackers to inject scripts on pages that a user may perform actions on (e.g., clic...

MiracleLinux 9 : ignition-2.14.0-1.el9 (AXSA:2023-4920:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4920:01 advisory. ignition: configs are accessible from unprivileged containers in VMs running on VMware products CVE-2022-1706 Tenable has extracted the preceding description...

EUVD-2026-1706

GestSup versions up to and including 3.2.56 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database...

CVE-2025-1706

creationtimestamp| type| source ---|---|--- 2025-05-17 01:35:08+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16767 2025-05-17 05:08:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpdrl2wynm2j...

CVE-2025-1706

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

CVE-2025-1706

CVE-2025-1706 affects Imagination Technologies PowerVR-GPU driver. A non-privileged user can perform GPU system calls that may trigger a use-after-free kernel condition, reportedly due to improper locking of the pvr_exp_fence object. No official remediation or patch details are provided in the co...

openSUSE: Security Advisory for ignition (SUSE-SU-2022:2349-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for systemd (SUSE-SU-2022:2866-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-1706

creationtimestamp| type| source ---|---|--- 2024-02-21 19:21:53+00:00| seen| https://t.me/ctinow/189966 2024-02-21 19:26:26+00:00| seen| https://t.me/ctinow/189979 2024-03-13 09:11:43+00:00| seen| https://t.me/ctinow/206472...

CVE-2024-1706

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

CVE-2024-1706

CVE-2024-1706 affects ZKTeco ZKBio Access IVS up to 3.3.2, specifically the Department Name Search Bar component. The vulnerability is an input-based cross-site scripting (XSS) issue that can be exploited remotely; exploitation requires user interaction. Public disclosures exist. The vendor notes...

MAL-2024-329 Malicious code in wlwz-2312-1706 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e898e24e028b58784c91b380e4c0cfce4c17355f580f8be621fb7516f113ea6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in wlwz-2312-1706 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e898e24e028b58784c91b380e4c0cfce4c17355f580f8be621fb7516f113ea6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Rocky Linux 9 : ignition (RLSA-2022:8126)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8126 advisory. - A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only...

CVE-2023-1706

Rejected reason: This candidate is unused by its CNA...

SUSE CVE-2016-1706

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to...

Oracle Linux 9 : ignition (ELSA-2022-8126)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8126 advisory. 2.14.0-1 - New release - Add ignition-apply symlink - Add ignition-rmcfg symlink and ignition-delete-config.service 2.13.0-2 - Rename -validate-nonlinux...