148 matches found
WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user, both authenticated and unauthenticated, when a specific setting is enabled. id:...
AlmaLinux 8 : resource-agents (ALSA-2026:1904)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:1904 advisory. pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-23490 Tenable has extracted the preceding description block directl...
RockyLinux 8 : resource-agents (RLSA-2026:1904)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1904 advisory. pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID CVE-2026-23490 Tenable has extracted the preceding description block direct...
EUVD-2026-1904
A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and...
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server...
CVE-2021-1904
A child process can leak information from its parent process because numeric PIDs are compared and these PIDs can be reused, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
CVE-2011-1904
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command...
CVE-2025-1904
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. The manipulation of the argument Availibility leads to cross site scripting. The attack may be launched...
CVE-2025-1904
creationtimestamp| type| source
---|---|---
2025-03-04 05:30:33+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6342
2025-03-04 08:18:33+00:00| seen| https://t.me/cvedetector/19473
2025-08-18 18:31:00+00:00| seen| MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7...
CVE-2025-1904 code-projects Blood Bank System A+.php cross site scripting
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. The manipulation of the argument Availibility leads to cross site scripting. The attack may be launched...
CVE-2025-1904
CVE-2025-1904 affects Code-Projects Blood Bank System 1.0. The vulnerability is in an unknown function of the file /Blood/A+.php, where manipulating the Availibility parameter enables cross-site scripting. The issue can be triggered remotely. Connected sources confirm the root cause is input hand...
CVE-2019-1904
A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...
CVE-2020-11311
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as duplicate. All references should point to CVE-2021-1904...
CVE-2020-11311
...
RHEL 8 : firefox (RHSA-2024:1904)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1904 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CVE-2024-1904
creationtimestamp| type| source
---|---|---
2024-04-11 10:38:39+00:00| seen| https://t.me/arpsyndicate/4506...
CVE-2024-1904
CVE-2024-1904 affects the MasterStudy LMS WordPress plugin (up to and including 3.2.13). The issue is a missing capability check in the search_posts function, allowing authenticated users with subscriber-level access or higher to view draft post titles and excerpts. Impact is unauthorized data ex...
CVE-2024-1904 MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
Malicious code in wlwz-2312-1904 (npm)
Source: ghsa-malware (223d878444e0767773222e224404920bf8c6b908fd921c7a5c4fc6f230f73819). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...