81 matches found
CVE-2019-2299
An out-of-bounds write can be triggered by a specially crafted command supplied by a userspace application in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...
CVE-2020-2299
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password...
CVE-2025-2299
creationtimestamp | type | source
---|---|---
2025-04-03 11:35:47+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10195
2025-04-03 15:14:04+00:00 | seen | https://t.me/cvedetector/21970
...
CVE-2025-2299 LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...
WordPress LuckyWP Table of Contents plugin <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin LuckyWP Table of Contents versions <= 2.1.10...
CVE-2009-2299
creationtimestamp | type | source
---|---|---
2024-10-15 10:14:15+00:00 | seen | Telegram/HfSunJuoYNfbsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ...
openSUSE Security Advisory (SUSE-SU-2024:2299-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-2299
A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which is...
Amazon Linux 2 : libreswan (ALAS-2023-2299)
The version of libreswan installed on the remote host is prior to 3.25-4.8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2299 advisory. A NULL pointer dereference vulnerability was found in the Libreswan package. When an IKEv1 ISAKMP SA Informational Exchange pack...
WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.4.2 is vulnerable to Broken Access Control
Software: Online Booking & Scheduling Calendar for WordPress by vcita; Type: Plugin; Vulnerable versions: <= 4.4.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2299; Patch priority: Medium; CVSS severity: Medium (5.3); Developer: Claim ownership; PSID...
CVE-2023-2299 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.4.2 due to a missing capability check on the processAction...
CVE-2023-2299
CVE-2023-2299 affects the Online Booking & Scheduling Calendar for WordPress by vcita plugin. The issue is an unauthorized data modification vulnerability via the REST-API endpoint /wp-json/vcita-wordpress/v1/actions/auth, caused by a missing capability check in the processAction function. It aff...
SUSE CVE-2014-2299
Buffer overflow in the mpegread function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data...
CVE-2022-2299
creationtimestamp | type | source
---|---|---
2022-07-25 16:33:10+00:00 | seen | https://t.me/cibsecurity/46899
2023-12-11 12:42:18+00:00 | seen | https://t.me/arpsyndicate/1735
...
CVE-2022-2299
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-2299 Allow SVG Files <= 1.1 - Author+ Stored Cross Site Scripting via SVG
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2022-2299
The CVE-2022-2299 entry concerns the WordPress plugin Allow SVG Files (
Mageia: Security Advisory (MGASA-2014-0125)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 : microcode_ctl (RHSA-2021:2299)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2299 advisory. The microcode_ctl packages provide microcode updates for Intel. Security Fixes: hw: vt-d related privilege escalation (CVE-2020-24489) hw:...
mysql:8.0 security, bug fix, and enhancement update
An update is available for mecab-ipadic, mecab, mysql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. MySQL is a multi-user, multi-threaded SQL database server...