134 matches found
EUVD-2026-2118
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
CVE-2021-2118
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite component: Marketing Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...
CVE-2024-2118
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...
EUVD-2019-2118
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-2118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no...
CVE-2023-2118
Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints...
CVE-2019-2118
In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8...
CVE-2025-2118
A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Login Endpoint. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack...
CVE-2025-2118 Quantico Tecnologia PRMV Login Endpoint login.php sql injection
A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Login Endpoint. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack...
CVE-2025-2118
CVE-2025-2118 concerns Quantico Tecnologia PRMV 6.48, specifically the Login Endpoint component. The vulnerability arises from manipulation of the username parameter in /admin/login.php, enabling SQL injection. It is a network-exposed issue that can be exploited remotely, and public disclosure of...
CVE-2024-2118 Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings
The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...
CVE-2024-2118
CVE-2024-2118 affects the WordPress plugin Social Media Share Buttons & Social Sharing Icons (Ultimate Social Media Icons) up to version 2.8.9. The issue is due to insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins), including scenari...
WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS)
Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: 2.8.9; Fixed in: 2.8.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2118; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7af0889b0efd; Credits: Dmitrii Ignatye...
Oracle Linux 7 : glibc (ELSA-2019-2118)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2118 advisory. - Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984. - CVE-2016-10739: Reject trailing characters in getaddrinfo 1673465 Tenable has...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2118)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-2118
CVE-2023-2118 affects Devolutions Server 2023.1.5.0 and earlier. The issue is insufficient access control in the support ticket feature, enabling an authenticated attacker to send support tickets and download diagnostic files through specific endpoints. Impact is described as unauthorized access ...
CVE-2022-2118
The CVE-2022-2118 entry concerns the WordPress 404s plugin, where versions before 3.5.1 fail to sanitize and escape fields, enabling stored XSS by high-privilege users (e.g., admin). Exploitation context is authenticated/admin access, with payloads visible via the plugin’s 404 handling. The vulne...
Slackware: Security Advisory (SSA:2016-106-02)
The remote host is missing an update for the...