76 matches found
CVE-2026-2128

creationtimestamp | type | source
---|---|---
2026-05-28 20:16:19+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-2128
2026-05-29 09:54:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmybdofzag2e...

RockyLinux 8 : python3 (RLSA-2026:2128)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2128 advisory: cpython: wsgiref.headers.Headers allows header newline injection in Python (CVE-2026-0865); cpython: IMAP command injection in user-controlled commands...
CVE-2015-2128
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none...
EUVD-2026-2128
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network...
CVE-2019-2128
In ACELP4t64fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1...
CVE-2024-2128
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficien...
CVE-2021-2128
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2020-2128
Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
WordPress Cost Calculator Builder plugin <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter vulnerability
Authenticated (Subscriber+) SQL Injection via order_ids Parameter vulnerability discovered by mikemyers in WordPress Plugin Cost Calculator Builder versions <= 3.2.67...
CVE-2025-2128 Cost Calculator Builder <= 3.2.67 - Authenticated (Subscriber+) SQL Injection via order_ids Parameter
The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_ids’ parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2022-2128
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4...
CVE-2024-2128

creationtimestamp | type | source
---|---|---
2024-03-07 21:31:58+00:00 | seen | https://t.me/ctinow/202791
2024-03-07 21:32:08+00:00 | seen | https://t.me/ctinow/202800...

WordPress EmbedPress Plugin <= 3.9.10 is vulnerable to Cross Site Scripting (XSS)
Software: EmbedPress. Type: Plugin. Vulnerable versions: <= 3.9.10. Fixed in: 3.9.11. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-2128. Patch priority: Low. CVSS severity: Low (6.5). PSID: 1d5abb449ba3. Credits: wesley wcraft. Required...
Debian: Security Advisory (DSA-2128-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2128)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-2128

creationtimestamp | type | source
---|---|---
2022-06-20 20:26:38+00:00 | seen | https://t.me/cibsecurity/44841...

CVE-2022-2128
CVE-2022-2128 affects polonel/trudesk prior to 1.2.4 and is described as Unrestricted Upload of File with Dangerous Type. The vulnerability is in the GitHub repository and relates to uploading files with dangerous types, with CVSS indicating high severity (base scores up to 9.8 in NVD) and networ...
CVE-2022-2128 Unrestricted Upload of File with Dangerous Type in polonel/trudesk
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4...
Oracle VirtualBox Security Updates (cpujan2021) - Windows
Oracle VirtualBox is prone to multiple vulnerabilities. CPE = "cpe:/a:oracle:vmvirtualbox";...
Vulnerabilities fixed in Oracle Virtualization
Vulnerabilities have been fixed in Oracle Virtualization/Virtualbox. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, user rights, access to sensitive data...