78 matches found
MiracleLinux 7 : chrony-2.1.1-1.0.1.el7.AXS7 (AXSA:2015-927:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-927:01 advisory. A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with...
EUVD-2026-2036
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
ECHO-568F-2036-225B
Bulletin has no description...
CVE-2023-2036
A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed...
CVE-2019-2036
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0...
CVE-2010-2036
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php...
CVE-2002-2036
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client...
CVE-2025-2036
creationtimestamp | type | source
---|---|---
2025-03-06 21:34:29+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6760...
CVE-2025-2036
CVE-2025-2036 affects the s-a-zhd Ecommerce-Website-using-PHP 1.0. The vulnerability is an SQL injection in the details.php file via the pro_id parameter, which can be triggered remotely. The exploitation method is disclosed publicly in the linked records, and multiple sources classify the impact...
CVE-2025-2036 s-a-zhd Ecommerce-Website-using-PHP details.php sql injection
A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0. It has been classified as critical. This affects an unknown part of the file details.php. The manipulation of the argument pro_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 11 security bugs in Chromium: CVE-2024-11477: 7-Zip Zstd decompression integer underflow; CVE-2025-0762: Use after free in DevTools; CVE-2025-0996: Inappropriate implementation in Browser UI; CVE-2025-0998: Out of bounds memory access in V8...
EulerOS 2.0 SP8 : indent (EulerOS-SA-2024-2036)
According to the versions of the indent package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted...
SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2024:2036-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2036-1 advisory. - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Tenable has extracted the preceding description block directly from...
CVE-2024-2036 ApplyOnline – Application Form Builder and Manager <= 2.6.2 - Missing Authorization to Sensitive Information Exposure
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aolmodalbox AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscribe...
WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.6.2 is vulnerable to Broken Access Control
Software: ApplyOnline – Application Form Builder and Manager; Type: Plugin; Vulnerable versions: <= 2.6.2; Fixed in: 2.6.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2036; Patch priority: Low; CVSS severity: Low (4.3); PSID: 21265227face...
RHEL 9 : tigervnc (RHSA-2024:2036)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2036 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...
CVE-2019-2036
creationtimestamp | type | source
---|---|---
2024-02-13 16:36:37+00:00 | seen | https://t.me/ctinow/183942...
Oracle Linux 6 : firefox (ELSA-2020-2036)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-2036 advisory. - Added fix for mozbz#1348168/CVE-2017-5428 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Amazon Linux 2 : qt5-qtbase (ALAS-2023-2036)
The version of qt5-qtbase installed on the remote host is prior to 5.9.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2036 advisory. When using the Qt SQL ODBC driver plugin, then it is possible to trigger a DOS with a specifically crafted string RESERVEDNOTE:...
CVE-2011-2036
Technical details for CVE-2011-2036 are not publicly available in the provided documents. Monitor for updates.