68 matches found

OSV
added 2026/02/08 4:15 p.m. | 1 view

CVE-2026-2159

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...

CVSS 6.1 | AI score 4.1 | EPSS 0.00017
Exploits: 1 | References: 5

ATTACKERKB
added 2026/02/08 3:32 p.m. | 2 views

CVE-2026-2159

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...

CVSS 5.3 | AI score 3.5 | EPSS 0.00017
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/02/08 3:32 p.m. | 9 views

CVE-2026-2159

SourceCodester Simple Responsive Tourism Website 1.0 contains a cross-site scripting flaw in the Registration module. Affected area is an unknown function in /tourism/classes/Master.php?f=register where manipulating firstname/lastname/username can trigger XSS. Exploit published; attack is remote ...

CVSS 6.1 | AI score 3.5 | EPSS 0.00017
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2026/01/13 5:56 p.m. | 2 views

EUVD-2026-2159

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 6.4 | EPSS 0.00472
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 10:16 a.m. | 8 views

CVE-2019-2159

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112707186...

CVSS 8.8 | AI score 7.8 | EPSS 0.00409
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:19 a.m. | 4 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

CVSS 4.7 | AI score 4.6 | EPSS 0.00223
Exploits: 3 | References: 1

Positive Technologies
added 2026/01/07 12:0 a.m. | 2 views

PT-2026-2159

Name of the Vulnerable Software and Affected Versions: OpenLDAP Lightning Memory-Mapped Database LMDB versions up to and including 0.9.14. Description: The software contains a heap buffer underflow in the readline function of mdb load. Processing malformed input with an embedded NUL byte can cause a...

CVSS 4.6 | AI score 6.6 | EPSS 0.00027
Exploits: 0 | References: 28

RedhatCVE
added 2025/05/23 1:48 a.m. | 5 views

CVE-2023-2159

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...

CVSS 5.3 | AI score 6.6 | EPSS 0.00175
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:19 p.m. | 5 views

CVE-2020-2159

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins...

CVSS 9 | AI score 7.6 | EPSS 0.04514
Exploits: 0

Oracle linux
added 2025/05/22 12:0 a.m. | 16 views

vim security update

8.2.2637-22.0.1 - Remove upstream references Orabug: 31197557 2:8.2.2637-22 - RHEL-2159 vim: Heap Use After Free in function inscomplgetexp in vim/vim...

CVSS 7.8 | AI score 7 | EPSS 0.00074
Exploits: 1

RedhatCVE
added 2025/04/06 6:34 a.m. | 6 views

CVE-2025-2159

Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...

CVSS 5.1 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 1

Circl
added 2025/04/04 6:35 a.m. | 2 views

CVE-2025-2159

creationtimestamp | type | source
---|---|---
2025-04-04 06:35:23+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10407
2025-04-04 10:29:32+00:00 | seen | https://t.me/cvedetector/22096...

CVSS 5.1 | AI score 4.8 | EPSS 0.00021
Exploits: 0 | References: 2

NVD
added 2025/04/04 6:15 a.m. | 3 views

CVE-2025-2159

Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...

CVSS 5.1 | EPSS 0.00021
Exploits: 0 | References: 2

CVE
added 2025/04/04 6:6 a.m. | 47 views

CVE-2025-2159

CVE-2025-2159 affects M-Files Server Admin Tool Desktop UI prior to version 25.3.14681.7 on Windows. The issue is a stored XSS in the Desktop UI that allows an authenticated local user to execute scripts via the UI. Impact is limited to the Desktop UI component; exploitation requires local authen...

CVSS 5.1 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

Cvelist
added 2025/04/04 6:6 a.m. | 8 views

CVE-2025-2159 Stored XSS in M-Files Admin user interface

Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...

CVSS 5.1 | EPSS 0.00021
Exploits: 0 | References: 2

Tenable Nessus
added 2024/08/21 12:0 a.m. | 34 views

EulerOS Virtualization 2.11.1 : openssh (EulerOS-SA-2024-2159)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime...

CVSS 8.1 | AI score 7.2 | EPSS 0.63835
Exploits: 68 | References: 2

Tenable Nessus
added 2024/04/30 12:0 a.m. | 43 views

RHEL 9 : python3.11-urllib3 (RHSA-2024:2159)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2159 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie...

CVSS 8.1 | AI score 7.4 | EPSS 0.0095
Exploits: 0 | References: 6

OSV
added 2024/04/26 5:15 a.m. | 1 view

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

CVSS 4.7 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2024/04/26 5:15 a.m. | 11 views

CVE-2024-2159

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

CVSS 4.7 | AI score 5.5 | EPSS 0.00223
Exploits: 3 | References: 1

Cvelist
added 2024/04/26 5:0 a.m. | 13 views

CVE-2024-2159 Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...

AI score 5.7 | EPSS 0.00223
Exploits: 3 | References: 1