84 matches found
CVE-2026-1977
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalitespecification leads to code injection. The...
CVE-2026-1977 isaacwasserman mcp-vegalite-server visualize_data eval code injection
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalitespecification leads to code injection. The...
MiracleLinux 4 : thunderbird-78.11.0-1.0.1.AXS4 (AXSA:2021-1977:10)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1977:10 advisory. Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967). Mozilla: Thunderbird stored OpenPGP secret keys without master...
CVE-2025-1977
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remote...
CVE-2025-1977
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-31 08:12:09+00:00 | seen | https://bsky.app/profile/euvd-bot.bsky.social/post/3mbbg66qekb2z |
| 2025-12-31 13:55:08+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mbbzdirsoh26 |
| 2025-12-31 17:20:12+00:00 | seen | ... |
CVE-2025-1977
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remote...
CVE-2024-1977
The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inje...
CVE-2021-1977
Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2012-1977
WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file...
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of...
Oracle Secure Backup Authentication Bypass / Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability', 'Description' = %q This module exploits an authentication bypass...
CVE-2024-1977
The CVE-2024-1977 entry concerns the Restaurant Solutions – Checklist plugin for WordPress (v1.0.0) with Stored XSS due to insufficient input sanitization and output escaping. The vulnerability affects multisite installations and sites where unfiltered_html is disabled. Exploitation requires auth...
WordPress Restaurant Solutions Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Restaurant Solutions; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1977; Patch priority: Low; CVSS severity: Low (5.9); PSID: 74398097a9c3; Credits: José Adán Hernández Flores; Required...
CVE-2023-1977
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-16 16:47:26+00:00 | seen | https://t.me/cibsecurity/68637... |
CVE-2023-1977
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...
CVE-2023-1977 Booking Manager < 2.0.29 - Subscriber+ SSRF
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network...
CVE-2023-1977
Affected software: WordPress Booking Manager plugin. Vulnerable in versions prior to 2.0.29 where the plugin does not validate URLs in the admin panel or shortcodes that fetch events from a remote ICS file. Root cause: inadequate URL validation enables Server-Side Request Forgery (SSRF), allowing...
Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning (CVE-2019-1977)
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The...
WordPress Booking Manager Plugin < 2.0.29 is vulnerable to Server Side Request Forgery (SSRF)
Software: Booking Manager; Type: Plugin; Vulnerable versions: < 2.0.29; Fixed in: 2.0.29; OWASP Top 10: A5: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-1977; Patch priority: High; CVSS severity: High (6.4); PSID: dc7cead73df5; Credits: Shreya Pohekar...
Amazon Linux 2 : cifs-utils, --advisory ALAS2-2023-1977 (ALAS-2023-1977)
The version of cifs-utils installed on the remote host is prior to 6.2-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1977 advisory. A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may...