CVE-2026-2123

creationtimestamp| type| source ---|---|--- 2026-03-31 19:20:27+00:00| published-proof-of-concept| Telegram/pGlKXNBirRT0gxqFC1bVLs6pojbUfu72MTdyyvCxHD2SpM 2026-03-31 19:20:34+00:00| published-proof-of-concept| Telegram/E6DSeVNy1uX9gptW9gUevVOkWF-Be1dfF2SOnx5Xk2F0EI 2026-03-31 19:35:19+00:00| seen...

MiracleLinux 4 : kernel-2.6.32-220.23.1.el6 (AXSA:2012-646:05)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-646:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

Linux Distros Unpatched Vulnerability : CVE-2021-2123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily...

CVE-2022-2123

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails...

CVE-2019-2123

In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

creationtimestamp| type| source ---|---|--- 2025-03-09 15:37:29+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6967 2025-03-09 17:57:00+00:00| seen| https://t.me/cvedetector/19926 2025-03-09 19:05:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljxq6qdad...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

GeSHi up to 1.0.9.1 is affected by a cross-site scripting vulnerability in get_var() of /contrib/cssgen.php (CSS Handler). The issue arises from manipulating arguments under default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments. Exploitation is remote-capable, and public disclosure ...

CVE-2025-2123 GeSHi CSS cssgen.php get_var cross site scripting

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123 GeSHi CSS cssgen.php get_var cross site scripting

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

CVE-2025-2123

A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...

Linux Distros Unpatched Vulnerability : CVE-2012-2123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The capbprmsetcreds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities aka fcaps for...

CVE-2024-2123

CVE-2024-2123 : The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in multiple parameters due to insufficient input sanitization and output escaping in versions up to 2...

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than ...

Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting XSS vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject...

WordPress Ultimate Member Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.3 Fixed in 2.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2123 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d51add86a5f Credits stealthcopter...

CVE-2023-2123 WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2023-2123

CVE-2023-2123 affects the WordPress plugin WP Inventory Manager prior to version 2.1.0.13. The issue is an insufficient sanitization/escaping of a parameter before it is echoed on the page, causing a Reflected Cross-Site Scripting (XSS) . Impact is limited to unauthenticated users triggering XSS ...