123 matches found
Exploit for CVE-2026-2600
CVE-2026-2600 ElementsKit Elementor Addons $item e...
CVE-2026-2600
creationtimestamp| type| source
---|---|---
2026-04-04 08:24:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3minsou44wm2i
2026-04-10 18:30:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mj5xdbusez2m
2026-04-20 19:00:15+00:00| published-proof-of-concept|...
SUSE CVE-2026-25988
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-4...
CVE-2019-2600
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...
VulnCheck KEV: CVE-2021-40856
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring...
CVE-2020-2600
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2025-2600
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATEDPASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24...
CVE-2025-2600
creationtimestamp| type| source
---|---|---
2025-03-26 20:34:51+00:00| seen| https://t.me/cvedetector/21206...
Amazon Linux 2 : java-17-amazon-corretto (ALAS-2024-2600)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.12+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2600 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...
RHEL 6 / 7 : rh-mysql57-mysql (RHSA-2018:0586)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0586 advisory.
- mysql: Server: InnoDB unspecified vulnerability CPU Jan 2018 CVE-2018-2565
- mysql: Server: GIS unspecified vulnerability CPU Jan 2018...
CVE-2013-2600
creationtimestamp| type| source
---|---|---
2024-02-01 14:46:19+00:00| seen| https://t.me/ctinow/177592...
MAL-2024-404 Malicious code in wlwz-2312-2600 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5eef6b16686784256db2a00384a8ec28d6497cbe82599dae0f938574b300987 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-2600 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5eef6b16686784256db2a00384a8ec28d6497cbe82599dae0f938574b300987 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2023-2600)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-2600
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-2600
CVE-2023-2600 concerns the WordPress plugin Custom Base Terms prior to version 1.0.3, where certain settings aren’t sanitized or escaped. This can enable stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The NVD entry assigns CVSS 3.1: AV...
CVE-2023-2600 Custom Base Terms < 1.0.3 - Admin+ Stored XSS
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...