133 matches found
ECHO-2436-9955-1C74
Bulletin has no description...
CVE-2026-2436 affecting package libsoup for versions less than 3.4.4-15
CVE-2026-2436 affecting package libsoup for versions less than 3.4.4-15. A patched version of the package is available...
DEBIAN-CVE-2026-2436
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soup_server_disconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...
CVE-2026-2436
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soup_server_disconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...
CVE-2026-2436
creationtimestamp| type| source
---|---|---
2026-03-26 20:05:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhyfnja7ff24...
CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soup_server_disconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...
CVE-2026-2436
A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the soup_server_disconnect function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a...
CVE-2022-2436
creationtimestamp| type| source
---|---|---
2025-12-19 20:18:03+00:00| seen| https://t.me/Dooztoria/22...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2025-2436)
The remote host is missing an update for the Huawei EulerOS...
TencentOS Server 3: mysql:8.0 (TSSA-2022:0107)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0107 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2023-2436
The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bloginblog' shortcode in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2021-2436
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2024-2436
creationtimestamp| type| source
---|---|---
2025-02-06 02:44:20+00:00| seen| Telegram/6ub3Dkh6mz5Z6cKAWBoMhCtDW7mHTv-Kwi5IBYZeMojx45H...
RHEL 7 : rh-mysql80-mysql (RHSA-2019:2484)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2484 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...
SUSE: Security Advisory (SUSE-SU-2024:2436-1)
The remote host is missing an update for the...
CGA-2436-CWR3-M3XR
Bulletin has no description...
CVE-2024-2436
The CVE-2024-2436 entry concerns the Lightweight Accordion WordPress plugin. It describes a stored XSS in the plugin’s shortcodes caused by insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to and including 1.5.16. The vulnerability require...
WordPress Lightweight Accordion Plugin <= 1.5.16 is vulnerable to Cross Site Scripting (XSS)
Software: Lightweight Accordion; Type: Plugin; Vulnerable versions: <= 1.5.16; Fixed in: 1.5.17; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2436; Patch priority: Low; CVSS severity: Low (6.5); PSID: b6e6c77a276d; Credits: Krzysztof Zając...
Amazon Linux 2 : python-jinja2 (ALAS-2024-2436)
The version of python-jinja2 installed on the remote host is prior to 2.7.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2436 advisory. Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. I...
Huawei EulerOS: Security Advisory for shim-signed (EulerOS-SA-2023-2436)
The remote host is missing an update for the Huawei EulerOS...