
129 matches found

Tenable Nessus
added 2026/01/19 12:0 a.m. | 3 views

MiracleLinux 3 : java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.0.1.AXS3 (AXSA:2013-553:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-553:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-1500 Unspecified vulnerability in the Java Runtime Environment JRE...

CVSS 10 | AI score 7.8 | EPSS 0.9322
Exploits 11 | References 21
EUVD
added 2026/01/13 4:13 a.m. | 3 views

EUVD-2026-2407

Malicious code in francium-utils npm...

AI score 6.6
Exploits 0 | References 1
Circl
added 2025/05/27 8:36 a.m. | 11 views

CVE-2025-2407

creationtimestamp | type | source
---|---|---
2025-05-27 08:36:55+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq5buhtwcf62
2025-05-27 08:48:04+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17617
2025-05-27 09:49:38+00:00 | seen | ...

CVSS 9.3 | AI score 8.9 | EPSS 0.00223
Exploits 0 | References 3
NVD
added 2025/05/27 8:15 a.m. | 11 views

CVE-2025-2407

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries unrestricted access via the network. The vulnerability is fixed in Version 1.5...

CVSS 9.3 | EPSS 0.00223
Exploits 0 | References 1
Cvelist
added 2025/05/27 7:52 a.m. | 21 views

CVE-2025-2407 Missing Authentication & Authorization in Web-API allows adversary unrestricted access

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries unrestricted access via the network. The vulnerability is fixed in Version 1.5...

CVSS 9.3 | EPSS 0.00223
Exploits 0 | References 1
CVE
added 2025/05/27 7:52 a.m. | 89 views

CVE-2025-2407

CVE-2025-2407 affects Mobatime AMX MTAPI v6 Web-API on IIS. The issue is Missing Authentication & Authorization, allowing unauthenticated network access to the Web-API. Root cause: lack of access controls in the Web-API enables adversaries to reach functionality that should require authentication...

CVSS 9.3 | AI score 6.5 | EPSS 0.00223
Exploits 0 | References 1
Vulnrichment
added 2025/05/27 7:52 a.m. | 12 views

CVE-2025-2407 Missing Authentication & Authorization in Web-API allows adversary unrestricted access

Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows adversaries unrestricted access via the network. The vulnerability is fixed in Version 1.5...

CVSS 9.3 | AI score 6.8 | EPSS 0.00223
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 1:6 a.m. | 4 views

CVE-2022-2407

The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 4.8 | AI score 5.8 | EPSS 0.0031
Exploits 2 | References 1
RedhatCVE
added 2025/05/22 7:20 p.m. | 5 views

CVE-2021-2407

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVSS 5.3 | AI score 5.7 | EPSS 0.00771
Exploits 0 | References 1
Wolfi
added 2025/03/27 4:43 p.m. | 22 views

CVE-2007-2407 vulnerabilities

Vulnerabilities for packages: samba...

CVSS 4 | AI score 7.2 | EPSS 0.06255
Exploits 1
Chainguard
added 2025/03/27 4:12 p.m. | 19 views

CVE-2007-2407 vulnerabilities

Vulnerabilities for packages: samba...

CVSS 4 | AI score 7.2 | EPSS 0.06255
Exploits 1
OSSF Malicious Packages
added 2024/01/24 8:23 p.m. | 3 views

Malicious code in wlwz-2312-2407 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f0a4aafbff9064a1c7ef382e5e371323e55bb597166df6cb77aa123a360e3926 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1
Amazon
added 2024/01/09 12:0 a.m. | 3 views

Medium: gstreamer-plugins-base

Issue Overview: A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible. The highest threat from this vulnerability is to system availability. CVE-2021-3522 Affected Packages: gstreamer-plugins-base Note: This advisory is applicable to...

CVSS 5.5 | AI score 6.8 | EPSS 0.0013
Exploits 0
Tenable Nessus
added 2024/01/09 12:0 a.m. | 21 views

Amazon Linux 2 : gstreamer-plugins-base (ALAS-2024-2407)

The version of gstreamer-plugins-base installed on the remote host is prior to 0.10.36-18. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2407 advisory. A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is...

CVSS 5.5 | AI score 6.8 | EPSS 0.0013
Exploits 0 | References 4
OSV
added 2023/06/03 5:15 a.m. | 2 views

CVE-2023-2407

The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback function. This...

CVSS 6.5 | AI score 6.7 | EPSS 0.00111
Exploits 2 | References 4
NVD
added 2023/06/03 5:15 a.m. | 13 views

CVE-2023-2407

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback function. This...

CVSS 6.5 | AI score 6 | EPSS 0.00111
Exploits 2 | References 5
CVE
added 2023/06/03 4:35 a.m. | 44 views

CVE-2023-2407

CVE-2023-2407 is a CSRF flaw in The Event Registration Calendar By vcita plugin (and Online Payments) for WordPress. The root cause is missing nonce validation in the ls_parse_vcita_callback() function, allowing unauthenticated attackers to modify plugin settings and inject malicious JavaScript v...

CVSS 6.5 | AI score 6.7 | EPSS 0.00111
Exploits 2 | References 5 | Affected Software 2
Vulnrichment
added 2023/06/03 4:35 a.m. | 8 views

CVE-2023-2407 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback function. This...

CVSS 6.1 | AI score 6.7 | EPSS 0.00111
Exploits 2 | References 5
IBM Security Bulletins
added 2022/09/25 11:9 p.m. | 27 views

Security Bulletin: Multiple IBM Java SDK security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4002 and CVE-2013-2407)

Abstract Security Bulletin: Multiple IBM Java SDK security vulnerabilities exist in IBM InfoSphere Information Server CVE-2013-4002 and CVE-2013-2407 Content SUMMARY: IBM Information Server is impacted by security vulnerabilities in the IBM Java Runtime Environment JRE that affect availability an...

CVSS 7.1 | AI score 7.6 | EPSS 0.08028
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. | 32 views

Security Bulletin: IBM SPSS Modeler - XML (CVE-2013-2407)

Abstract If an attacker makes a victim open a specially crafted XML document, it could be possible to conduct denial of service attacks using IBM SPSS Modeler installed on the victim's system. Content VULNERABILITY DETAILS CVE ID: CVE-2013-2407 DESCRIPTION: If an attacker makes a victim open a...

CVSS 6.4 | AI score 7.1 | EPSS 0.05415
Exploits 0 | Affected Software 1