196 matches found
Youzify < 1.2.0 - Unauthenticated SQLi
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection id: CVE-2022-1950 info: name: Youzify 1.2.0 - Unauthenticated SQLi author:...
CVE-2026-1950
creationtimestamp | type | source
---|---|---
2026-04-24 08:14:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mka3hjof4t2n
2026-04-24 09:16:19+00:00 | published-proof-of-concept | Telegram/X1JyBiiNxoSYu-ldDRrQFjaq89QLca8O12-lN-DTEtiPeU
2026-05-11 19:37:07+00:00 | seen |...
MiracleLinux 4 : libtirpc-0.2.1-6.AXS4 (AXSA:2013-481:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-481:01 advisory. This package contains SunLib's implementation of transport-independent RPC (TI-RPC) documentation. This library forms a piece of the base of Open Network...
MiracleLinux 7 : nss-util-3.19.1-9.el7 (AXSA:2016-126:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-126:01 advisory. Utilities for Network Security Services and the Softoken module. Security issues fixed with this release: CVE-2016-1950 RESERVED This candidate has been reserv...
CVE-2024-36755
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack...
CVE-2021-1950
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...
CVE-2002-1950
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via (1) the email parameter of add.php or (2) the banner URL (banurl) parameter in the main list...
Security Bulletin: Incorrect permission of environment variable (CVE-2025-1950) affects Power HMC
Summary: Vulnerability is due to incorrect permission of environment variable results in privilege escalation on Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-1950 DESCRIPTION: IBM Hardware Management Console - Power Systems could...
CVE-2025-1950
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source...
CVE-2025-1950
creationtimestamp | type | source
---|---|---
2025-04-22 15:03:44+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12865
2025-04-22 15:56:49+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114382432429450797
2025-04-22 16:14:08+00:00 | seen |...
CVE-2024-50072 x86/bugs: Use code segment selector for VERW operand
In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand. Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86 system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin...
CVE-2024-50072
In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand. Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86 system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin...
openSUSE Security Advisory (SUSE-SU-2024:1950-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2024-4653 · D Link · D-Link Dir-1950
Name of the Vulnerable Software and Affected Versions: D-Link DIR-1950 versions up to v1.11B03 Description: The issue is related to the failure to validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to perform a man-in-the-middle...
CVE-2024-1950
creationtimestamp | type | source
---|---|---
2024-03-13 17:37:10+00:00 | seen | https://t.me/ctinow/206942...
CVE-2024-1950
The CVE-2024-1950 entry applies to the WordPress plugin “Product Carousel Slider & Grid Ultimate for WooCommerce.” It describes a PHP Object Injection via deserialization of untrusted shortcode input in all versions up to 1.9.7. Attack requires an authenticated user with contributor+ privileges; ...