101 matches found
CVE-2026-1906
CVE-2026-1906 corresponds to a vulnerability in the PDF Invoices & Packing Slips for WooCommerce plugin for WordPress (versions up to and including 5.6.0). It enables Insecure Direct Object Reference through the wpo_ips_edi_save_order_customer_peppol_identifiers AJAX action due to missing capabil...
CVE-2016-1906 vulnerabilities
Vulnerabilities for packages: kubernetes...
MiracleLinux 7 : mercurial-2.6.2-8.el7 (AXSA:2017-1906:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-1906:02 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start:...
CVE-2025-1906
A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-1906
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...
CVE-2021-1906
Improper handling of address deregistration on failure can lead to new GPU address allocation failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2013-1906
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag...
CVE-2011-1906
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756...
CVE-2025-1906
creationtimestamp | type | source
---|---|---
2025-03-04 05:30:31+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6340
2025-03-04 08:18:32+00:00 | seen | https://t.me/cvedetector/19471
2025-08-18 18:31:00+00:00 | seen | MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7

...
CVE-2025-1906 PHPGurukul Restaurant Table Booking System profile.php sql injection
A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The...
Linux Distros Unpatched Vulnerability : CVE-2016-1906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed...
Ubuntu 20.04 LTS / 22.04 LTS : ImageMagick vulnerabilities (USN-6200-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6200-2 advisory. USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This...
USN-6200-2: ImageMagick vulnerabilities
USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem. Original advisory details: It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2024-1906)
The remote host is missing an update for the Huawei EulerOS...
openSUSE: Security Advisory for 389 (SUSE-SU-2024:1906-1)
The remote host is missing an update for the...
RHEL 7 : kubernetes_api_server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Kubernetes api server: build config to a strategy that isn't allowed by policy (CVE-2016-1906) - The API...
RHEL 8 : firefox (RHSA-2024:1906)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1906 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
WordPress Categorify Plugin <= 1.0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Categorify
Type: Plugin
Vulnerable versions: <= 1.0.7.4
Fixed in: 1.0.7.5
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-1906
Patch priority: Low
CVSS severity: Low (4.3)
PSID: 3807b96abd23
Credits: Francesco Carlucci...
CVE-2024-1906
CVE-2024-1906 – Categorify (WordPress) CSRF in categorifyAjaxAddCategory. Affects: Categorify – WordPress Media Library Category & File Manager plugin for WordPress (all versions up to 1.0.7.4). Root cause: Missing or incorrect nonce validation in categorifyAjaxAddCategory. Impact: Unauthenticated a...
CVE-2024-1906 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxAddCategory
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...