MiracleLinux 4 : X11 client libraries (AXSA:2014-613:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-613:01 advisory. Description: The X11 Xorg libraries provide library routines that are used within all X Window applications. Security issues fixed with this release:...

Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2025-1985)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-1985

Due to improper neutralization of input during web page generation XSS an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device...

CVE-2025-1985

Due to improper neutralization of input during web page generation XSS an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device...

CVE-2025-1985

creationtimestamp| type| source ---|---|--- 2025-05-26 08:47:33+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17538 2025-05-26 09:46:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lq2vcxpgdu27 2025-05-26 11:45:22+00:00| seen|...

CVE-2025-1985

CVE-2025-1985 matches the Pepperl+Fuchs Profinet Gateway LB8122A.1.EL / FB8122A.1.EL family. The issue is an XSS due to improper neutralization of input during web page generation, allowing an unauthenticated remote attacker to inject HTML into the Web-UI of the affected device. Documented in mul...

CVE-2025-1985 PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability

Due to improper neutralization of input during web page generation XSS an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device...

CVE-2025-1985 PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability

Due to improper neutralization of input during web page generation XSS an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device...

CVE-2019-1985

In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2002-1985

iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow...

Linux Distros Unpatched Vulnerability : CVE-2013-1985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related ...

RHEL 5 : libxinerama (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libXinerama: Integer overflow leading to heap-based buffer overflow CVE-2013-1985 Note that Nessus has not tested f...

CVE-2024-1985

CVE-2024-1985 affects the WordPress plugin Simple Membership . It is a Stored XSS via the Display Name parameter in versions up to 4.4.2, caused by insufficient input sanitization and output escaping. The vulnerability could let an attacker inject scripts that execute when a user loads a page. Ex...

CVE-2024-1985

creationtimestamp| type| source ---|---|--- 2024-03-08 13:20:28+00:00| published-proof-of-concept| https://t.me/codeb0ss/1396 2024-03-13 17:37:12+00:00| seen| https://t.me/ctinow/206944 2025-02-06 02:44:19+00:00| seen| Telegram/BK7vU0I6yfagEhXMrVTZB4ZUCw3752Z1EN6agKCE0RvRxSvG...

WordPress Simple Membership Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS)

Software Simple Membership Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1985 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 92a2812ee783 Credits stealthcopter Required...

CVE-2023-1985

creationtimestamp| type| source ---|---|--- 2023-04-11 22:28:33+00:00| seen| https://t.me/cibsecurity/61904...

CVE-2023-1985

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function savebrand of the file /classes/Master.php?f=savebrand. The manipulation of the argument name leads to sql injection. The attack may be initiate...

CVE-2023-1985

SourceCodester Online Computer and Laptop Store 1.0 is affected by CVE-2023-1985, a SQL injection in the function save_brand (/classes/Master.php?f=save_brand) caused by manipulating the name parameter. The issue can be exploited remotely and has publicly disclosed exploit information. Multiple s...

Debian: Security Advisory (DSA-1985-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : sudo (ALAS-2023-1985)

The version of sudo installed on the remote host is prior to 1.8.23-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1985 advisory. In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables...