122 matches found
CVE-2026-1895
A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...
CVE-2025-1895
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-04 02:30:45+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6311 |
| 2025-03-04 03:01:08+00:00 | published-proof-of-concept | Telegram/OhOzFiNBdcckJZvwRpCCvFizXXllaBPV0MS5KHznSv3TyI |
| 2025-03-04 04:07:28+00:00 | seen | ... |
CVE-2024-1895
| creationtimestamp | type | source |
|---|---|---|
| 2024-04-30 13:51:35+00:00 | seen | Telegram/CtKW2qrRjTDryeDJF9DrZ5b89BncRJ7JB-wQAmAoWm3nSHff... |
WordPress Event Management Tickets Booking Plugin <= 1.3.4 is vulnerable to PHP Object Injection
Software: Event Management Tickets Booking; Type: Plugin; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-1895; Patch priority: Medium; CVSS severity: Medium (7.4); PSID: d93e6770a231; Credits: Francesco Carlucci...
Amazon Linux AMI : libX11 (ALAS-2023-1895)
The version of libX11 installed on the remote host is prior to 1.6.0-2.2.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1895 advisory. A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to...
CVE-2023-1895
The CVE-2023-1895 entry concerns the Getwid – Gutenberg Blocks WordPress plugin. Affected versions: up to and including 1.8.3; vulnerability is Server Side Request Forgery via the get_remote_content REST API endpoint. Exploitation requires subscriber-level or higher authentication, enabling web r...
WordPress Getwid – Gutenberg Blocks Plugin <= 1.8.3 is vulnerable to Server Side Request Forgery (SSRF)
Software: Getwid – Gutenberg Blocks; Type: Plugin; Vulnerable versions: <= 1.8.3; Fixed in: 1.8.4; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-1895; Patch priority: Medium; CVSS severity: Medium (5); PSID: 688f43f1f9c1; Credits: Ramuel Gall...
WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF
On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...
RHEL 8 : java-11-openjdk (RHSA-2023:1895)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1895 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...
Oracle Linux 8 : java-11-openjdk (ELSA-2023-1895)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1895 advisory. 1:11.0.19.0.7-1 - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 &...
SUSE CVE-2004-1895
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies...
SUSE CVE-2014-1895
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a...
Amazon Linux 2 : pcs (ALAS-2022-1895)
The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1895 advisory. A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart...
CVE-2022-1895 underConstruction < 1.20 - Construction Mode Deactivation via CSRF
The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
CVE-2022-1895
The CVE records a CSRF vulnerability in the WordPress underConstruction plugin, affecting versions before 1.20. The issue arises from missing CSRF protection when deactivating Construction mode, enabling a logged-in admin action via CSRF attack. Connected sources confirm affected software (WordPr...
openSUSE: Security Advisory for postgresql13 (SUSE-SU-2022:1895-1)
The remote host is missing an update for the...
CVE-2021-1895
Possible integer overflow due to improper length check while flashing an image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music...
CVE-2021-1895
The CVE-2021-1895 entry describes an integer overflow caused by an improper length check during flashing an image in Qualcomm Snapdragon family devices (Consumer IOT, Industrial IOT, Voice & Music). Affected components are tied to Qualcomm/Snapdragon firmware processes; root cause is an overflow...