CVE-2026-1913

creationtimestamp| type| source ---|---|--- 2026-04-22 13:13:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk3laa6wof2r 2026-04-24 15:33:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mkatxnvegv2q...

CVE-2026-1913

The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's loginlink shortcode in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the 'prefix' attribute. This makes it possible for...

AlmaLinux 9 : util-linux (ALSA-2026:1913)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:1913 advisory. util-linux: util-linux: Heap buffer overread in setpwnam when processing 256-byte usernames CVE-2025-14104 Tenable has extracted the preceding description block...

MiracleLinux 7 : pidgin-2.10.11-5.el7 (AXSA:2017-1913:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-1913:01 advisory. Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell...

CVE-2023-1913

The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVE-2020-1913

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

CVE-2016-1913

Multiple cross-site scripting XSS vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to 1 individual contacts, 2 notes, or 3 engagement scores...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1913)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-1913

CVE-2024-1913 affects ABB RobotWare on IRC5 OmniCore: RobotWare 6.00–6.15.05 (excluding 6.10.10 and 6.13.07) and RobotWare 7.00–7.13 are vulnerable. A specially crafted message processing condition can cause the robot to stop, make the controller inaccessible, or allow arbitrary code execution. R...

CVE-2024-1913

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific...

CVE-2024-1913

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific...

Amazon Linux AMI : libtiff (ALAS-2024-1913)

The version of libtiff installed on the remote host is prior to 4.0.3-35.50. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1913 advisory. An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen API may allow a remote attacker to cause a...

Oracle Linux 6 : ruby193-ruby (ELSA-2014-1913)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1913 advisory. - Fix off-by-one stack-based buffer overflow in the encodes function CVE-2014-4975. Related: rhbz1164004 - Fix REXML billion laughs attack via paramete...

WordPress Maps Widget for Google Maps Plugin <= 4.24 is vulnerable to Cross Site Scripting (XSS)

Software Maps Widget for Google Maps Type Plugin Vulnerable versions = 4.24 Fixed in 4.25 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1913 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 086ac6e4c3d5 Credits Marco Wotschka...

CVE-2023-1913

creationtimestamp| type| source ---|---|--- 2023-04-06 18:27:11+00:00| seen| https://t.me/cibsecurity/61562 2024-01-04 13:56:27+00:00| seen| https://t.me/arpsyndicate/2467...

CVE-2023-1913 Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

Amazon Linux 2 : golist (ALAS-2023-1913)

The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1913 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to...

CVE-2022-1913

CVE-2022-1913 concerns the WordPress plugin “Add Post URL” (

CVE-2021-1913

creationtimestamp| type| source ---|---|--- 2021-10-20 12:35:19+00:00| seen| https://t.me/cibsecurity/30860...

CVE-2021-1913

Technical details about CVE-2021-1913 are not publicly provided in the supplied connected documents; only the description of an integer overflow in Qualcomm Snapdragon components is available. Monitor for updates.