83 matches found
CVE-2026-1778
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-03 09:50:05+00:00 | seen | https://gist.github.com/alon710/489aeb55e21e4d9cedb91bf1a9640a8b... |
amzn-nova-customization-sdk (>=1.0.29 <=1.0.72), anymodality (=0.1.0) +26 more potentially affected by CVE-2026-1778 via sagemaker (>=2.0.0 <=2.254.1)
sagemaker PYPI version =2.0.0, =1.0.29, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =1.0.0, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.4.0, =0.7.3, =1.0.1 and more Source cves: CVE-2026-1778 Source advisory: SNYK:PYTHON-SAGEMAKER-15182756...
amzn-nova-customization-sdk (>=1.0.29 <=1.0.72), anymodality (=0.1.0) +27 more potentially affected by CVE-2026-1778 via sagemaker (>=1.52.1 <=2.254.1)
sagemaker PYPI version =1.52.1, =1.0.29, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =0.2.8, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.4.0, =0.7.3, =1.0.1 and more Source cves: CVE-2026-1778 Source advisory: OSV:GHSA-62RC-F4V9-H543...
admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +49 more potentially affected by CVE-2026-1778 via sagemaker (=3.10.1)
sagemaker PYPI version =3.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on sagemaker and may be impacted: - admet-workbench =0.1.0, =0.4.4, =1.3.24, =0.0.2, =0.1.13, =0.1.0, =0.4.0, =1.0.1, =0.4.0, =0.1.12, =0.1.0, =0.2.7 and more Source cves:...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
EUVD-2026-1778
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontendadmin/forms/updatefield' AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-1778
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'artthemethemeoptionrestore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...
CVE-2025-1778
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-06 08:59:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqwhtvl7zt2j... |
CVE-2025-1778 Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'artthemethemeoptionrestore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...
CVE-2021-1778
An out-of-bounds read issue existed in curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafte...
CVE-2013-1778
Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...
CVE-2024-1778
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-23 08:26:51+00:00 | seen | https://t.me/ctinow/191523 |
| 2024-02-23 08:31:41+00:00 | seen | https://t.me/ctinow/191528 |
| 2024-03-13 17:42:00+00:00 | seen | https://t.me/ctinow/206953... |
CVE-2024-1778
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter...
CVE-2024-1778 Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter...
CVE-2024-1778
CVE-2024-1778 affects the WordPress plugin “Admin side data storage for Contact Form 7.” The vulnerability is due to a missing capability check in the zt_dcfcf_change_bookmark() function, enabling unauthenticated actors to modify bookmark statuses in all versions up to 1.1.1. Multiple connected s...
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...
Amazon Linux AMI : ncurses (ALAS-2023-1778)
The version of ncurses installed on the remote host is prior to 5.7-4.20090207.15. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1778 advisory. ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory...
CVE-2023-1778
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-27 14:28:05+00:00 | seen | https://t.me/cibsecurity/62967... |
CVE-2023-1778 Default Credential Vulnerability in GajShield Data Security Firewall
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 except v4.21 due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby...