144 matches found
CVE-2026-1960
Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint...
CVE-2026-1960 Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes
Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint...
PT-2026-6904
Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint...
MiracleLinux 4 : thunderbird-38.7.0-1.AXS4 (AXSA:2016-141:03)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-141:03 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security issues fixed with this release: CVE-2016-1952 Multiple unspecified...
CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...
EUVD-2022-52914
Malicious code in bioql (PyPI)...
ECHO-30B8-1960-3011
Bulletin has no description...
CVE-2021-1960
Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobil...
CVE-2005-1960
The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username...
CVE-2002-1960
Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link...
CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...
CVE-2025-1960
creationtimestamp | type | source
---|---|---
2025-03-12 15:40:49+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7320
2025-03-12 16:40:24+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lk6zie2nfz2o
2025-03-12 17:48:29+00:00 | seen | ...
CVE-2025-1960
CVE-2025-1960 affects Schneider Electric WebHMI (EcoStruxure Power Automation System User Interface) used in EMO-L/EPAS deployments. The root cause is CWE-1188: Initialization of a Resource with an Insecure Default, where insecure default values during resource initialization could allow an attac...
CVE-2025-1960
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interfa...
RHEL 7 : kpatch-patch (RHSA-2024:1960)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1960 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...
CentOS 7 : kpatch-patch (RHSA-2024:1960)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1960 advisory. - A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage...
CVE-2024-1960
creationtimestamp | type | source
---|---|---
2024-04-11 10:07:17+00:00 | seen | https://t.me/arpsyndicate/4500...
CVE-2024-1960
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Special Offer Day Widget Banner Link in all versions up to, and including, 2.8.1 due to insufficient input...
WordPress ShopLentor Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software: ShopLentor; Type: Plugin; Vulnerable versions: <= 2.8.1; Fixed in: 2.8.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1960; Patch priority: Low; CVSS severity: Low (6.5); PSID: 64f9927062c1; Credits: Webbernaut; Required privilege...
CVE-2023-1960
SourceCodester Online Computer and Laptop Store 1.0 is affected by CVE-2023-1960 via SQL injection in /classes/Master.php?f=delete_category (id parameter). The issue allows remote exploitation and is classified as critical; exploit information has been disclosed publicly. Multiple sources confirm...