62 matches found
CVE-2026-2413
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...
CVE-2026-2413

| creationtimestamp | type | source |
|---|---|---|
| 2026-03-11 04:18:01+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-2413 |
| 2026-03-11 17:30:18+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-2413.yaml... |

PT-2026-24548
Name of the Vulnerable Software and Affected Versions: The Ally – Web Accessibility & Usability plugin for WordPress versions prior to 4.1.0. Description: The Ally – Web Accessibility & Usability plugin for WordPress is susceptible to SQL Injection through the URL path. This occurs because of...
Linux Distros Unpatched Vulnerability : CVE-2016-2413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which...
CVE-2025-2413

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-02 16:49:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxul5lrwhn2c... |

CVE-2023-2413
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to SQL injection. The attack can be...
CVE-2022-2413
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged-in user with roles as low as Author to inject a JavaScript payload into the slide title even when the unfiltered_html capability is...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2413)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2413-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-2413

| creationtimestamp | type | source |
|---|---|---|
| 2024-03-13 04:26:51+00:00 | seen | https://t.me/ctinow/206380 |
| 2024-03-13 04:31:28+00:00 | seen | https://t.me/ctinow/206383 |
| 2025-04-15 15:54:58+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11862... |

CVE-2024-2413
CVE-2024-2413 affects Intumit SmartRobot, which uses a fixed cryptographic key for authentication. This allows remote attackers to craft an authentication code by encrypting a string of the user’s name and a timestamp, enabling administrator privileges and potential arbitrary code execution on th...
CVE-2012-2413

| creationtimestamp | type | source |
|---|---|---|
| 2024-01-27 09:41:20+00:00 | seen | https://t.me/ctinow/174711... |

CVE-2022-2413 Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged-in user with roles as low as Author to inject a JavaScript payload into the slide title even when the unfiltered_html capability is...
CVE-2022-2413
The CVE-2022-2413 issue affects the Slide Anything WordPress plugin prior to 2.3.47. Root cause: the slide title is not properly sanitized/escaped before output in admin pages, enabling a logged-in user with roles as low as Author to inject JavaScript payloads. Impact: cross-site scripting in adm...
Amazon Linux 2 : python-pillow (ALAS-2024-2413)
The version of python-pillow installed on the remote host is prior to 2.0.0-23.gitd1c6db8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2413 advisory. Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the crafted image...
open-vm-tools security update
11.0.5-3.0.1
- fix spaces in vmware udev rule for scsi devices Orabug: 24461968
- Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. Orabug: 22815019
- Increase timeout for scsi devices on VMWare guests by adding a udev rule.
- Created a new file 99-vmware-scsi-timeout.rules
- Modified sp...
CVE-2023-2413 SourceCodester AC Repair and Services System manage_booking.php sql injection
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to SQL injection. The attack can be...
CVE-2023-2413
CVE-2023-2413 affects SourceCodester AC Repair and Services System 1.0. The flaw is in file /admin/bookings/manage_booking.php, where the application directly uses the id parameter in a SQL query, resulting in a SQL injection vulnerability. Reports indicate the issue is exploitable remotely and...
Mageia: Security Advisory (MGASA-2014-0189)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:2413-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...