102 matches found
EUVD-2021-2040
Malware in sbrugna...
EUVD-2019-3657
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-2040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated...
CVE-2002-2040
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap...
CVE-2025-2040
creationtimestamp | type | source
---|---|---
2025-03-06 20:34:04+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6742
2025-03-06 23:53:01+00:00 | seen | https://t.me/cvedetector/19759
2025-03-08 04:34:12+00:00 | seen | Telegram/oX3pOlL9Rsk4dpSx0neuy4V--PA5HCRrPLthms1kB1Lj3Q-k...
CVE-2025-2040
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack ca...
CVE-2025-2040 zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack ca...
CVE-2025-2040
CVE-2025-2040 affects zhijiantianya ruoyi-vue-pro 2.4.1. The vulnerability involves an unknown functionality at the file path /admin-api/bpm/model/deploy where improper neutralization of special elements in a template engine can be exploited. It is exploitable remotely and, per sources, the explo...
CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...
RHEL 9 : tigervnc (RHSA-2024:2040)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2040 advisory. Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine...
CVE-2023-2040
A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2023-2040
CVE-2023-2040 affects novel-plus version 3.6.2. The vulnerability is an SQL injection in the /news/list?limit=10&offset=0&order=desc endpoint, caused by manipulation of the sort parameter. It is exploitable remotely, and the exploit has been publicly disclosed. Multiple connected sources corrobor...
Debian: Security Advisory (DLA-481-1)
The remote host is missing an update for the Debian...
RHEL 7 : rh-mariadb103-mariadb and rh-mariadb103-galera (RHSA-2021:2040)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2040 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a late...
CLSA-2022-1658171690 Fixed CVE-2016-10012 in openssh
CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...
CVE-2022-2040
The CVE-2022-2040 entry concerns the Brizy WordPress Page Builder plugin prior to version 2.4.2. The root cause is the plugin’s failure to sanitize and escape certain element URLs, enabling Stored Cross-Site Scripting (XSS) by users with a role as low as Contributor. Affected component: Brizy Wor...
CVE-2022-2040 Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
SUSE: Security Advisory (SUSE-SU-2017:2040-1)
The remote host is missing an update for the...
CVE-2021-2040
Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Case Form, Local Affiliate Form). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...