115 matches found
RockyLinux 8 : expat (RLSA-2026:22721)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22721 advisory. libexpat: denial of service via crafted XML input CVE-2026-45186 Tenable has extracted the preceding description block directly from the RockyLinux security...
EUVD-2026-8725
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...
CVE-2026-22721
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...
CVE-2026-22721 VMware Aria Operations privilege escalation vulnerability
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...
CVE-2026-22721
creationtimestamp| type| source ---|---|--- 2026-02-24 17:42:38+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/vmware-security-advisory-av26-162 2026-02-27 01:02:20+00:00| seen| https://bsky.app/profile/securitylab-jp.bsky.social/post/3mfsj6uh6vs23 2026-03-01 00:05:24+00:00| seen|...
PT-2026-21685
Name of the Vulnerable Software and Affected Versions VMware Aria Operations affected versions not specified Description VMware Aria Operations contains a stored cross-site scripting issue. An attacker with the ability to create custom benchmarks may inject script to perform administrative action...
PT-2026-21686
Name of the Vulnerable Software and Affected Versions VMware Aria Operations affected versions not specified Description A malicious actor with privileges in vCenter to access VMware Aria Operations may leverage a privilege escalation issue to obtain administrative access in VMware Aria Operation...
MiracleLinux 7 : httpd24-httpd-2.4.34-23.el7.5 (AXSA:2022-3871:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3871:03 advisory. httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: NULL...
CVE-2023-22721
Auth. Stored Cross-Site Scripting XSS in Oi Yandex.Maps for WordPress = 3.2.7 versions...
CVE-2025-22721
creationtimestamp| type| source ---|---|--- 2025-01-21 17:29:40+00:00| seen| https://infosec.exchange/users/cve/statuses/113867527306183773 2025-01-21 18:16:06+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbhjgxfwk2s 2025-01-21 19:02:04+00:00|...
CVE-2025-22721 WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through = 2.6.7.1...
CVE-2025-22721
CVE-2025-22721 (ApplyOnline – Application Form Builder and Manager): Missing Authorization vulnerability due to incorrectly configured access control in ApplyOnline. Affected: ApplyOnline – Application Form Builder and Manager, versions n/a through 2.6.7.1. CVSS 3.1 base score 4.3 (Medium). Root ...
CVE-2025-22721 WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through = 2.6.7.1...
RHEL 7 : httpd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd: modproxy: X-Forwarded-For dropped by hop-by-hop mechanism CVE-2022-31813 - Apache HTTP Server...
CVE-2024-22721
Cross Site Request Forgery CSRF vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link...
CVE-2024-22721
Cross Site Request Forgery CSRF vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link...
CVE-2024-22721
Form Tools 3.1.1 suffers a Cross Site Request Forgery (CSRF) vulnerability that lets an attacker manipulate sensitive user data through a crafted link. Root cause: CSRF flaw in the application’s handling of requests. Impact: unauthorized modification of user data. Exploitation details are not ful...
CVE-2024-30343
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
CVE-2024-30343
CVE-2024-30343 is a Foxit PDF Reader Annotation Use-After-Free Remote Code Execution. The flaw arises from not validating the existence of an object before performing operations on Annotation objects, enabling code execution in the current process when a user opens a malicious file/page or visits...
CVE-2024-30343 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...