PT-2026-36085
Name of the Vulnerable Software and Affected Versions: ASR1903 (affected versions not specified). Description: A NULL pointer dereference in the ims client modules of ASR Lapwing Linux on Linux allows pointer manipulation. This issue is associated with the program file 'sip/utils/src/sipuri.c'. A NULL...
CVE-2026-1903
CVE-2026-1903 concerns the WordPress plugin Ravelry Designs Widget (versions up to 1.0.0). The vulnerability is a stored XSS via the shortcode attribute sb_ravelry_designs layout. Exploitation requires authenticated access at contributor level or higher, and would cause arbitrary scripts to run w...
Oracle Linux 9 : fence-agents (ELSA-2026-1903)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1903 advisory. 4.10.0-98.5 - bundled pyasn1: fix CVE-2026-23490 Resolves: RHEL-142459 Tenable has extracted the preceding description block directly from the Oracle Linux...
EUVD-2026-1903
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploi...
CVE-2025-13735
Out-of-bounds Read vulnerability in ASR1903, ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files Code/nrfw/DLP/src/NrCgi.C. This issue affects LapwingLinux: before 2025/11/26...
CVE-2021-1903
Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industri...
CVE-2020-1903
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received...
Oracle Linux 9 : shim (ELSA-2024-1903)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1903 advisory. 15.8-1.0.3 - Update shimx64.efi and shimaa64.efi v15.8 signed by Microsoft Orabug: 36072879 - Update shim fb and mm binaries to match unsigned releases...
RHEL 9 : shim update (Important) (RHSA-2024:1903)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1903 advisory. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments...
Malicious code in wlwz-2312-1903 (npm)
Source: ghsa-malware 166079de35b25089f4f46b62db618fde5711fcc83c5b95311cfbbe2d1737360e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Amazon Linux AMI : golang (ALAS-2024-1903)
The version of golang installed on the remote host is prior to 1.20.12-1.49. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1903 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read ma...
CVE-2022-1903
creationtimestamp | type | source
---|---|---
2023-04-27 09:45:08+00:00 | seen | https://t.me/leakes4/9532...
CVE-2023-1903
creationtimestamp | type | source
---|---|---
2023-04-11 07:23:03+00:00 | seen | https://t.me/cibsecurity/61817...
CVE-2023-1903 Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)
SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...
CVE-2023-1903
CVE-2023-1903 affects SAP HCM Fiori App My Forms (Fiori 2.0) version 605. The underlying issue is missing authorization checks for an authenticated user, which can expose restricted header data. Sources consistently describe the affected software and the root cause as a lack of proper access cont...
SUSE CVE-2016-1903
The gdImageRotateInterpolated function in ext/gd/libgd/gdinterpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to t...
CVE-2022-1903 ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username...
CVE-2022-1903
CVE-2022-1903 affects the ARMember WordPress plugin (versions before 3.4.8). The underlying issue is missing nonce and authorization checks in an AJAX action accessible to unauthenticated users, enabling an attacker to change the password of arbitrary usernames and take over accounts (potentially...
Huawei EulerOS: Security Advisory for mod_auth_mellon (EulerOS-SA-2022-1903)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-1903
creationtimestamp | type | source
---|---|---
2021-11-12 12:38:38+00:00 | seen | https://t.me/cibsecurity/32274...