106 matches found
MiracleLinux 4 : thunderbird-38.7.0-1.AXS4 (AXSA:2016-141:03)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-141:03 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security issues fixed with this release: CVE-2016-1952 Multiple unspecified...
CVE-2025-1954
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be...
CVE-2025-1954
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-04 22:30:32+00:00 | published-proof-of-concept | Telegram/ouMqd3i2riz9oVqasrqVUrTacrr696FnBIspBoBAxr8pSs8 |
| 2025-03-05 00:12:54+00:00 | seen | https://t.me/cvedetector/19557 |
| 2025-08-18 18:31:00+00:00 | seen | MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7... |
CVE-2025-1954
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be...
CVE-2025-1954
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be...
CVE-2025-1954 PHPGurukul Human Metapneumovirus Testing Management System login.php sql injection
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. The attack can be...
CVE-2025-1954
The CVE-2025-1954 entry concerns PHPGurukul Human Metapneumovirus Testing Management System 1.0. The vulnerability affects an unknown functionality in /login.php where manipulating the username parameter triggers an SQL injection. Exploitation can be performed remotely and the exploit has been di...
CVE-2024-1954
The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for...
WordPress Oliver POS Plugin <= 2.4.1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Oliver POS; Type: Plugin; Vulnerable versions: <= 2.4.1.8; Fixed in: 2.4.1.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1954; Patch priority: Low; CVSS severity: Low (4.3); PSID: 749d54aee74a; Credits: Francesco Carlucci...
CVE-2023-1954
The CVE-2023-1954 entry relates to SourceCodester Online Computer and Laptop Store 1.0. A critical flaw in the function save_inventory in /admin/product/manage.php allows manipulation of the id parameter to trigger SQL injection. The vulnerability is remote-accessible, and public exploits have be...
Amazon Linux 2 : nss-util (ALAS-2023-1954)
The version of nss-util installed on the remote host is prior to 3.67.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1954 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-1954
Summary IBM TRIRIGA Application Platform discloses CVE-2020-1954 Vulnerability Details CVEID:CVE-2020-1954 DESCRIPTION: Apache CXF is vulnerable to a man-in-the-middle attack, caused by a flaw in JMX Integration. An attacker could exploit this vulnerability to launch a man-in-the-middle attack an...
GitLab 1.0.2 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-1954)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a...
GitLab 1.0.2 < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 DoS Vulnerability
GitLab is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
CVE-2022-1954
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers...
CVE-2022-1954
CVE-2022-1954 affects GitLab CE/EE. The vulnerability is a Regular Expression Denial of Service in processing web server response headers, potentially causing a GitLab instance to become inaccessible. Affected versions: GitLab before 14.10.5 (i.e., 1.0.2 to
com.savoirtech.aetos:aetos (>=4.2.0.1 <=4.2.2), de.mhus.app.vault:vault-playground-assembly (>=7.2.0 <=7.3.0) +82 more potentially affected by CVE-2020-1954 via org.apache.cxf:cxf-rt-management (>=3.3.0 <=3.3.5)
org.apache.cxf:cxf-rt-management MAVEN version =3.3.0, =4.2.0.1, =7.2.0, =6.3.0, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.7, =1.0.7, =4.2.11.hyte-42116, =4.2.11.hyte-42116, =4.2.11.hyte-42116, =4.2.11.hyte-42119 and more Source cves: CVE-2020-1954 Source advisory:...
com.github.cchacin:cucumber-common-steps (>=0.0.2 <=0.1.8), com.github.httpmock:mock-http-server-junit (>=1.0.0 <=1.1.5) +217 more potentially affected by CVE-2020-1954 via org.apache.cxf:cxf-rt-management (>=2.0.10 <=3.2.12)
org.apache.cxf:cxf-rt-management MAVEN version =2.0.10, =0.0.2, =1.0.0, =1.0.0, =0.1.0, =2.0.0, =0.1.0, =1.0.0, =2.2.24.11, =2.2.10, =2.2.7, =2.2.9.1, =2.2.7, =2.2.7, =2.2.23.1 and more Source cves: CVE-2020-1954 Source advisory: OSV:GHSA-FFM7-7R8G-77XM...
CVE-2021-1954
Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...
CVE-2021-1954
The CVE-2021-1954 issue is a buffer over-read in Qualcomm’s Snapdragon family (parsing FILS indication IE) caused by improper validation of the data pointer. Affects Qualcomm/Snapdragon components; CVSS v3.1 indicates high severity (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) with network lead and high...