CVE-2026-2198
A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficultyid leads to SQL injection. It is possible to launch the attack...
EUVD-2026-2198
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally...
CVE-2021-2198
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Setup, Admin. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
Linux Distros Unpatched Vulnerability : CVE-2023-2198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...
CVE-2022-2198
The WPQA Builder WordPress plugin before 5.7, which is a companion plugin to the Hilmer and Discy, does not check authorization before displaying private messages, allowing any logged-in user to read other users' private messages using the message id, which can easily be brute forced...
CVE-2015-2198
Multiple cross-site scripting (XSS) vulnerabilities in editprefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepageurl, (2) picurl, or (3) avatarurl parameter, which are not properly handled in an error message...
CVE-2025-2198
creationtimestamp | type | source
---|---|---
2025-03-20 23:19:12+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8307
2025-03-21 03:14:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkuandsm6i2j...
Linux Distros Unpatched Vulnerability : CVE-2016-2198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts ...
Linux Distros Unpatched Vulnerability : CVE-2011-2198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The insert-blank-characters capability in caps.c in gnome-terminal vte before 0.28.1 allows remote authenticated users to cause a denial of service CPU and memo...
RHEL 5 : vte (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - vte: DoS (long loop) via escape sequences with large repeat counts (CVE-2012-2738) - The...
CVE-2024-2198
CVE-2024-2198 concerns the WordPress plugin Contact Form by BestWebSoft, with a Reflected XSS vulnerability via the cntctfrm_contact_address parameter in versions up to 4.2.8. The issue arises from insufficient input sanitization and output escaping, allowing an unauthenticated attacker to craft ...
CVE-2024-2198 Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cntctfrm_contact_address' parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress Contact Form by BestWebSoft Plugin <= 4.2.8 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form by BestWebSoft; Type: Plugin; Vulnerable versions: <= 4.2.8; Fixed in: 4.2.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2198; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: b02a52616ddf; Credits...
Amazon Linux 2 : python-pygments (ALAS-2023-2198)
The version of python-pygments installed on the remote host is prior to 1.4-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2198 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some o...
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2023-2198)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-2198
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the...
CVE-2023-2198
CVE-2023-2198 affects GitLab CE/EE (versions 8.7–15.10.7, 15.11–15.11.6, and 16.0–16.0.1) with a Regular Expression Denial of Service via crafted payloads to the preview_markdown endpoint. The initial description provides affected ranges and impact (availability loss of service). No root-cause, a...