106 matches found
CVE-2026-1964
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch...
CVE-2026-1964 WeKan REST Endpoint boards.js BoardTitleRESTBleed access control
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch...
CVE-2025-1964

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-05 01:36:33+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6472 |
| 2025-03-05 03:00:52+00:00 | published-proof-of-concept | Telegram/aYKuBuvcNZbKfokbehLeBp6DffkV4M1o-9u07P1jTnuoDmI |
| 2025-03-05 04:23:43+00:00 | seen | ... |

CVE-2025-1964 projectworlds Online Hotel Booking booknow.php sql injection
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some unknown processing of the file /booknow.php?roomname=Duplex. The manipulation of the argument checkin leads to sql injection. The attack may be initiated remotely. The explo...
CVE-2025-1964
CVE-2025-1964 affects projectworlds Online Hotel Booking 1.0. An SQL injection in the checkin argument of /booknow.php?roomname=Duplex is described as exploitable remotely with high impact (confidentiality, integrity, availability). Exploit exposure is noted as public in the sources. The connecte...
CVE-2024-1964

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-11 02:18:15+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhulrzofie2c... |

Rocky Linux 8 : fetchmail (RLSA-2022:1964)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1964 advisory. - report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to...
Cisco NX-OS Software IPv6 Denial of Service (CVE-2019-1964)
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart of the netstack process on an affected device. The vulnerability is due to improper validation of IPv6 traffic sent through an affected device. An...
CVE-2023-1964
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attac...
Amazon Linux 2 : clamav (ALAS-2023-1964)
The version of clamav installed on the remote host is prior to 0.103.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1964 advisory. Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and...
SUSE CVE-2016-1964
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations...
CVE-2022-1964
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-1964 Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG
The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-1964
The CVE concerns the WordPress Easy SVG Support plugin prior to v3.3.0, where uploaded SVG files are not properly sanitised. This allows users with a role as low as Author to upload an SVG containing XSS payloads, enabling stored cross-site scripting via SVG uploads. Affected software: WordPress ...
Oracle Linux 8 : fetchmail (ELSA-2022-1964)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1964 advisory. 6.4.24-1 - Update to fetchmail-6.4.24 fixes CVE-2021-36386 and CVE-2021-39272 Resolves: 1999275, 2002698 Tenable has extracted the preceding descriptio...
AlmaLinux 8 : fetchmail (ALSA-2022:1964)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:1964 advisory. - report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to...
RHEL 8 : fetchmail (RHSA-2022:1964)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1964 advisory. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections...
CVE-2021-1964
Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking...
CVE-2021-1964
CVE-2021-1964 corresponds to a buffer over-read in Qualcomm WLAN/IEEE 802.11 beacon parsing due to improper validation of IE size in the WLAN host subsystem. Affected are Qualcomm Snapdragon/WLAN components (e.g., QCA6574AU and related chips) across multiple Snapdragon device families. Root cause...