72 matches found
RHCOS 4 : OpenShift Container Platform 4.10.25 (RHSA-2022:5729)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5729 advisory. - golang: cmd/go: misinterpretation of branch names can lead to incorrect access control CVE-2022-23773 - golang: crypto/elliptic:...
CVE-2026-23806
creationtimestamp| type| source
---|---|---
2026-03-27 19:18:40+00:00| published-proof-of-concept| Telegram/1bFqVBg1WZRYib4qCiBn36zcLriGuSpWJXWdU6ZWtzYtM...
CVE-2026-23806 WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Jobs for WordPress: from n/a through <= 2.8...
Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation
Summary: Multiple vulnerabilities were addressed in IBM Rapid Infrastructure Automation v1.1.5. Vulnerability Details: CVEID: CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This...
Linux Distros Unpatched Vulnerability : CVE-2022-23806
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2022-23806)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23806 advisory. - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can...
CVE-2025-23806 WordPress Ultimate Subscribe Plugin <=1.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe ultimate-subscribe allows Reflected XSS. This issue affects Ultimate Subscribe: from n/a through <= 1.3...
CBL Mariner 2.0 Security Update: golang (CVE-2022-23806)
The version of golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-23806 advisory. - Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true...
CVE-2022-23806 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2022-23806 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-23806
creationtimestamp| type| source
---|---|---
2024-02-07 18:32:25+00:00| seen| https://t.me/ctinow/180883
2024-03-01 14:46:49+00:00| seen| https://t.me/ctinow/197660
2025-06-13 15:36:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18303...
CVE-2024-23806
CVE-2024-23806 targets HID iCLASS SE reader configuration cards and related devices. The vulnerability is described as Improper Authorization (CWE-285) and can allow reading sensitive data from the configuration cards, including credential and device administrator keys. Affected products include ...
Security Bulletin: Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerability (CVE-2022-23806)
Summary: Potential Golang Go denial of service vulnerability CVE-2022-23806 has been identified that may affect Watson CP4D Data Stores. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2022-23806 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a...
CVE-2023-23806
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions...
CVE-2023-23806
CVE-2023-23806 affects WordPress through the Davinder Singh Custom Settings plugin (
CVE-2023-23806 WordPress WordPress Custom Settings Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions...
CVE-2023-23806 WordPress WordPress Custom Settings Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions...
Moderate: Red Hat Security Advisory: Service Telemetry Framework 1.5 security update
An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2023:0601-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0601-1 advisory. - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module,...
SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2023:0602-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0602-1 advisory. - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a...
SUSE SLES15 / openSUSE 15 Security Update : google-guest-agent (SUSE-SU-2023:0600-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0600-1 advisory. - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a...