141 matches found
ECHO-1910-CB5A-DE37
Bulletin has no description...
CVE-2026-25883
Vexa SSRF via webhook URL validation flaw : The webhook feature allows authenticated users to configure any HTTP POST URL when meetings complete, with no validation of the target. This enables Server-Side Request Forgery to internal services (e.g., Redis/databases/admin panels), cloud metadata en...
CVE-2026-25058 Vexa's unauthenticated internal transcript endpoint exposed by default
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...
EUVD-2026-23887
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...
CVE-2026-25058 Vexa's unauthenticated internal transcript endpoint exposed by default
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meetingid that returns transcript data for any meeting without any authentication or...
PT-2026-33789
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint GET /internal/transcripts/meeting id that returns transcript data for any meeting without any authentication or...
MiracleLinux 4 : bind-9.7.3-2.2.0.1.AXS4.P3 (AXSA:2011-406:01)
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-406:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...
EUVD-2026-1910
Malicious code in libc-dev PyPI...
CVE-2025-1910
creationtimestamp| type| source ---|---|--- 2025-12-04 22:08:06+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115663574444372667 2026-01-07 17:31:04+00:00| seen| https://bsky.app/profile/lutrasecurity.infosec.exchange.ap.brid.gy/post/3mbtybjfq5tj2 2026-01-07 17:31:36+00:00| seen|...
EUVD-2022-1910
Malicious code in bioql PyPI...
CVE-2022-1910
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
CVE-2021-1910
Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2020-1910
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image...
CVE-2012-1910
Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted...
CVE-2002-1910
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords reversible algorithm, which allows attackers to obtain passwords...
CentOS 7 : firefox (RHSA-2024:1910)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1910 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...
openSUSE: Security Advisory for gstreamer (SUSE-SU-2024:1910-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: gstreamer-plugins-base / gstreamer-plugins-base-devel / etc (SUSE-SU-2024:1910-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1910-1 advisory. - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata bsc1224806 Tenable has extracted the...
SUSE: Security Advisory (SUSE-SU-2024:1910-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Keenetic KN-1010 信息泄露漏洞
Keenetic KN is a series of routers from Keenetic. An information disclosure vulnerability exists in Keenetic KN-1010, which stems from an information disclosure vulnerability in file/version.js. Affected products and versions: Keenetic KN-1010, KN-1410, KN-1711, KN-1810, and KN-1910 4.1.2.15 and...