88 matches found
CVE-2026-1750
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-15 07:00:29+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116073354277623527 |
| 2026-02-15 07:00:31+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3meuxmgzeut2h |
| 2026-02-16 23:04:38+00:00 | seen | ... |
CVE-2026-1750
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'savecustomuserprofilefields' function. This makes it possible for authenticated attackers, with...
EUVD-2026-1750
The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headclass' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-1750 SQL Injection in run-llama/llama_index
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code...
CVE-2022-1750
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities an...
CVE-2013-1750
Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file...
Oracle Linux 7 : python3 (ELSA-2025-1750)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1750 advisory. - Fix DoS parsing crafted tarfile headers (Orabug: 37626372, CVE-2024-6232). Tenable has extracted the preceding description block directly from the Oracle Linux...
Rocky Linux 9 : unbound (RLSA-2024:1750)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1750 advisory. - A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime...
RHEL 9 : unbound (RHSA-2024:1750)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1750 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: A vulnerability was found in Unbound due to...
CVE-2024-1750
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-22 21:26:13+00:00 | seen | https://t.me/ctinow/191184 |
| 2024-02-22 21:26:17+00:00 | seen | https://t.me/ctinow/191188 |
| 2024-03-13 13:36:40+00:00 | seen | https://t.me/ctinow/206672 |
| 2024-03-14 00:22:16+00:00 | seen | https://t.me/kasraonecom/671... |
CVE-2024-1750 TemmokuMVC Image Download images_get_down.php img_replace deserialization
A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely...
CVE-2024-1750
CVE-2024-1750 affects TemmokuMVC up to version 2.3. The vulnerability resides in the Image Download Handler’s library file lib/images_get_down.php, specifically the get_img_url/img_replace function, where input manipulation enables deserialization. Reported impact is remote code execution with hi...
Amazon Linux AMI : kernel (ALAS-2023-1750)
The version of kernel installed on the remote host is prior to 4.14.314-164.539. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1750 advisory. In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to...
CVE-2023-1750
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-04 20:40:46+00:00 | seen | https://t.me/cibsecurity/61413... |
CVE-2023-1750
The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information...
CVE-2023-1750
CVE-2023-1750 affects Nexx Smart Home devices (e.g., Nexx Garage Door Controller NXG-100B/NXG-200, Nexx Smart Plug NXPG-100W, Nexx Smart Alarm NXAL-100). The vulnerability stems from improper access control when executing actions, allowing an attacker with a valid NexxHome deviceId to retrieve de...
WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR
The plugin does not ensure that the address to add/update/retrieve/delete and duplicate belongs to the user making the request, or is from a high-privilege user, allowing any authenticated user, such as a subscriber, to add/update/duplicate/delete as well as retrieve addresses of other users. Run t...
CVE-2022-1750 Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities an...
CVE-2022-1750
The CVE-2022-1750 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress Sticky Popup plugin (versions up to and including 1.2). The root cause is insufficient input sanitization and output escaping for the popup_title parameter, enabling an authenticated attacker with admin...