146 matches found
MiracleLinux 3 : kvm-83-266.0.1.AXS3.1 (AXSA:2014-242:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-242:01 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines...
EUVD-2026-1796
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability...
CVE-2023-1796
A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=saveposition of the component Create News Handler. The manipulation of the argument name with the input leads to cross site...
CVE-2021-1796
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution...
CVE-2002-1796
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services...
CVE-2025-1796
creationtimestamp | type | source
---|---|---
2025-03-20 13:03:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lksr452mrb2w
2025-03-20 13:12:59+00:00 | seen | https://t.me/cvedetector/20707
2025-03-20 19:18:36+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8...
CVE-2025-1796
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable...
CVE-2025-1796 Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable...
Linux Distros Unpatched Vulnerability : CVE-2022-1796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in GitHub repository vim/vim prior to 8.2.4979. CVE-2022-1796 Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2013-1796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME...
CVE-2002-1796
creationtimestamp | type | source
---|---|---
2025-01-16 19:56:10+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/2025...
CVE-2024-20148
In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID:...
Security Bulletin: IBM Sterling Connect:Direct Web Services uses xmltooling-1.4.4.jar, which contains a vulnerability
Summary IBM Sterling Connect:Direct Web Services uses Shibboleth Identity Provider, which could allow a remote attacker to bypass security restrictions. It's caused by an error in the PKIX trust component. Vulnerability Details CVEID:CVE-2015-1796 DESCRIPTION: Shibboleth Identity Provider could...
CVE-2024-1796
creationtimestamp | type | source
---|---|---
2024-03-15 08:26:06+00:00 | seen | https://t.me/ctinow/208494
2024-03-15 08:31:50+00:00 | seen | https://t.me/ctinow/208502...
CVE-2024-1796
CVE-2024-1796 affects HUSKY – Products Filter for WooCommerce (WordPress). The vulnerability is a Stored Cross-Site Scripting via the plugin’s woof shortcode in versions up to 1.3.5.1, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., swoof_slug). Im...
WordPress HUSKY Plugin <= 1.3.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: HUSKY; Type: Plugin; Vulnerable versions: <= 1.3.5.1; Fixed in: 1.3.5.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1796; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 938e3d425755; Credits: Bassem Essam; Required privileg...
Rocky Linux 8 : container-tools:rhel8 (RLSA-2021:1796)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1796 advisory. - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause ...
BELL-CVE-2022-1796 CVE-2022-1796 does not affect BellSoft software
Bulletin has no description...