109 matches found
EUVD-2019-7808
Malware in sbrugna...
CVE-2021-1743
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code...
CVE-2019-17406
Nokia IMPACT 18A has path traversal that may lead to RCE if chained with CVE-2019-1743...
CVE-2022-1743
creationtimestamp | type | source
---|---|---
2025-04-17 18:58:05+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12322...
CVE-2025-1743
creationtimestamp | type | source
---|---|---
2025-02-27 20:56:15+00:00 | seen | https://t.me/cvedetector/19070
2025-05-15 07:39:46+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-1743.yaml
2025-05-15 21:02:29+00:00 | seen |...
CVE-2025-1743
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-1743 zyx0814 Pichome index.php path traversal
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
CVE-2025-1743
CVE-2025-1743 affects zyx0814 Pichome 2.1.0. A path traversal flaw exists in the /index.php?mod=textviewer endpoint via the src parameter, enabling remote access to read files. The connected nuclei template confirms this is a critical vulnerability described as arbitrary file read with remote ini...
RockyLinux 9 : postgresql:16 (RLSA-2025:1743)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1743 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...
CVE-2024-20105
In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743...
EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)
According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c and its windows...
RHEL 7 : qemu-kvm-rhev (RHSA-2019:1743)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1743 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the...
CVE-2024-1743
The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-1743 WooCommerce Customers Manager < 29.8 - Reflected XSS
The WooCommerce Customers Manager WordPress plugin before 29.8 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress WooCommerce Customers Manager Plugin < 29.8 is vulnerable to Cross Site Scripting (XSS)
Software WooCommerce Customers Manager Type Plugin Vulnerable versions 29.8 Fixed in 29.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1743 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 088073d3e0c4 Credits Erwan LR...
CentOS 8 : nodejs:14 (CESA-2023:1743)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1743 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
Oracle Linux 8 : nodejs:14 (ELSA-2023-1743)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1743 advisory. nodejs 1:14.21.3-1 - Rebase to 14.21.3 Resolves: rhbz2153712 Resolves: CVE-2022-25881 CVE-2023-23918 CVE-2023-23920 CVE-2022-38900 Resolves:...
CVE-2023-1743
creationtimestamp | type | source
---|---|---
2023-03-31 02:21:39+00:00 | seen | https://t.me/cibsecurity/61221...