SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozjs115 (SUSE-SU-2026:1870-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1870-1 advisory. This update for mozjs115 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer...

MAL-2026-1870 Malicious code in ui-core_mal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c66ea54316ebd799590186156adab4ff03ad3108487b4c5c48192924efcd60a The package ui-coremal was found to contain malicious code...

CVE-2024-1870

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...

CVE-2023-1870

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language...

CVE-2025-1870

SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagedescription" parameter in admin/aboutus.php...

CVE-2025-1870

creationtimestamp| type| source ---|---|--- 2025-03-03 13:30:16+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6199 2025-03-03 15:32:50+00:00| seen| https://t.me/cvedetector/19345...

WordPress Colibri Page Builder Plugin <= 1.0.260 is vulnerable to Broken Access Control

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.260 Fixed in 1.0.263 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ddfb3a20814b Credits HappyFunTime Required...

CVE-2024-1870

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...

CVE-2024-1870

CVE-2024-1870 affects the WordPress plugin Colibri Page Builder . The vulnerability is an unauthorized data modification issue caused by a missing capability check in the function calledActivateLicenseEndpoint, present in all versions up to and including 1.0.260. This allows authenticated attacke...

SUSE CVE-2015-1870

The event scripts in Automatic Bug Reporting Tool ABRT uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...

Amazon Linux AMI : nginx (ALAS-2023-1870)

The version of nginx installed on the remote host is prior to 1.18.0-1.45. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1870 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

CVE-2023-1870

creationtimestamp| type| source ---|---|--- 2023-04-05 18:37:01+00:00| seen| https://t.me/cibsecurity/61459...

CVE-2023-1870

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language...

CVE-2023-1870

The CVE refers to CVE-2023-1870 affecting YourChannel for WordPress (

WordPress YourChannel: Everything you want in a YouTube Plugin <= 1.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software YourChannel: Everything you want in a YouTube Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-1870 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db4d6da8779...

Debian: Security Advisory (DSA-1303-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-1870

creationtimestamp| type| source ---|---|--- 2022-07-28 02:11:59+00:00| seen| https://t.me/cibsecurity/47156...

CVE-2022-1870

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

DEBIAN-CVE-2022-1870

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

CVE-2022-1870

Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...