19 matches found
CVE-2026-20866
creationtimestamp | type | source
---|---|---
2026-01-13 18:01:16+00:00 | seen | https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review
2026-01-13 18:16:30+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0007
2026-04-10 10:53:42+00:00 | seen | ...
CVE-2019-20866
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled...
WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: < 5.11; Fixed in: 5.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-20866; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3c61745fb42a; Credits: Keitaro Yamazaki; Required...
WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: < 5.11; Fixed in: 5.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-20866; Patch priority: Low; CVSS severity: Low 4.3; PSID: 36e7531caa36; Credits: Keitaro Yamazaki...
CVE-2024-20866
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step...
Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining. CVE-2023-20866
Summary: There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-20866...
CVE-2023-20866
A flaw was found in Spring Session. If using HeaderHttpSessionIdResolver, the session id can be logged to the standard output stream. This may log sensitive information and could be used by an attacker for session hijacking...
CVE-2023-20866
creationtimestamp | type | source
---|---|---
2023-04-14 00:25:15+00:00 | seen | https://t.me/cibsecurity/62083...
cn.herodotus.engine:access-sdk-all (>=3.0.1.0 <=3.0.4.2), cn.herodotus.engine:access-sdk-justauth (>=3.0.1.0 <=3.0.4.2) +85 more potentially affected by CVE-2023-20866 via org.springframework.session:spring-session-core (=3.0.0)
org.springframework.session:spring-session-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.session:spring-session-core and may be impacted: - cn.herodotus.engine:access-sdk-all =3.0.1.0, =3.0.1.0, =3.0.1.0,...
CVE-2023-20866
CVE-2023-20866 affects Spring Session 3.0.0, where the session ID can be logged to standard output when using HeaderHttpSessionIdResolver. This leaks sensitive information from logs and can enable session hijacking. The NVD/CVSS data indicates a base score of 6.5 (MEDIUM) with high confidentialit...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices...
CVE-2022-20866
CVE-2022-20866 is a Cisco RSA private-key leakage flaw affecting Cisco ASA/FTD software due to a logic error in in-memory RSA key handling on hardware crypto platforms. An unauthenticated, remote attacker could perform a Lenstra side-channel attack to recover private keys, potentially impersonate...
CVE-2021-20866
The CVE-2021-20866 vulnerability affects Advanced Custom Fields (ACF) and ACF Pro prior to version 5.11. The issue is a missing authorization in obtaining the user list, leading to potential information disclosure of unauthorized user data via unspecified vectors. Public sources in Patchstack ind...
JVN#09136401: Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"
WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing (CWE-862, CVE-2021-20865):

Version | Vector | Score
---|---|---
CVSS v3 | ...
CVE-2019-20866
CVE-2019-20866 affects Mattermost Server prior to 5.12.0. The root cause is the mishandling of IP address information by using a Proxy HTTP header instead of the source address in the IP header. Impact per sources: partial confidentiality exposure of IPs. Exploitation details are not provided in ...
CVE-2018-20866
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461)...
CVE-2018-20866
CVE-2018-20866 affects cPanel before 76.0.8, with a Stored XSS in the WHM “Reset a DNS Zone” feature (SEC-461). The vulnerability concerns the handling of input in Reset DNS Zone, enabling stored cross-site scripting. Documents consistently describe the issue as a stored XSS vulnerability in that...