81 matches found
CVE-2026-2171
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Manipulating the argument username/password results in SQL injection. The attack can be initiated remotely. The exploit...
EUVD-2026-2171
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally...
EUVD-2019-2171
Malware in sbrugna...
CVE-2025-2171
creationtimestamp| type| source
---|---|---
2025-06-23 14:45:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19213
2025-06-23 15:31:00+00:00| published-proof-of-concept| Telegram/S7RPzkaVu9rMwdZrCAlLyJw5bBMvrbhCFuoMTi2UNDrM6ko
2025-06-24 07:20:07+00:00| seen|...
CVE-2025-2171
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN...
CVE-2022-2171
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue...
CVE-2019-2171
In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-113035086...
openSUSE Security Advisory (SUSE-SU-2024:2171-1)
The remote host is missing an update for the...
CVE-2024-2171 Stored XSS in zenml-io/zenml
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...
CVE-2021-2171
creationtimestamp| type| source
---|---|---
2023-11-15 16:53:23+00:00| published-proof-of-concept| https://t.me/BABATATASASA/5992...
CVE-2023-2171
creationtimestamp| type| source
---|---|---
2023-08-31 12:12:58+00:00| seen| https://t.me/cibsecurity/69520...
CVE-2023-2171
The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2171
The BadgeOS WordPress plugin vulnerability CVE-2023-2171 is a stored Cross-Site Scripting flaw in versions up to and including 3.7.1.6, caused by insufficient input sanitization and output escaping on shortcode attributes. It allows authenticated attackers with contributor-level and above permiss...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Scripting (XSS)
Software: BadgeOS; Type: Plugin; Vulnerable versions: <= 3.7.1.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2171; Patch priority: Low; CVSS severity: Low (6.5); PSID: 965111d21cf9; Credits: Alex Thomas; Required privilege...
CVE-2022-2171
creationtimestamp| type| source
---|---|---
2022-08-01 16:16:49+00:00| seen| https://t.me/cibsecurity/47312...
Ubuntu 16.04 ESM : MySQL vulnerabilities (USN-5022-3)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5022-3 advisory. USN-5022-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...
CentOS 8 : mysql:8.0 (CESA-2021:3590)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3590 advisory.
- mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2020) (CVE-2020-14672)
- mysql: Server: FTS unspecified vulnerability (CPU Oct 2020)...
CVE-2021-2171 affecting package mysql 8.0.23-1
CVE-2021-2171 affecting package mysql 8.0.23-1. An upgraded version of the package is available that resolves this issue...
Photon OS 3.0: Mysql PHSA-2021-3.0-0231
An update of the mysql package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0231.