82 matches found
RHCOS 4 : OpenShift Container Platform 4.3.26 python-psutil (RHSA-2020:2635)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2635 advisory. - python-psutil: Double free because of refcount mishandling (CVE-2019-18874) Note that Nessus has not tested for this issue but has instead...
MLflow < 3.8.0 Authentication Bypass (ZDI-26-111)
The version of MLflow installed on the remote host is prior to 3.8.0. It is, therefore, affected by an authentication bypass vulnerability: - A use of default password vulnerability exists in the basicauth.ini file. The file contains hard-coded default credentials that allow remote, unauthenticat...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +685 more potentially affected by CVE-2026-2635 via mlflow (>=2.3.2 <=3.9.0)
mlflow PYPI version =2.3.2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2026-2635 Source advisory: SNYK:PYTHON-MLFLOW-15325638...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +726 more potentially affected by CVE-2026-2635 via mlflow-skinny (>=2.6.0 <=3.9.0rc0)
mlflow-skinny PYPI version =2.6.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2026-2635 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698156...
a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +910 more potentially affected by CVE-2026-2635 via mlflow (>=0.8.2 <=3.6.0rc0)
mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =0.1.0, =0.2.1 and more Source cves: CVE-2026-2635 Source advisory: OSV:GHSA-GQ3W-7JJ3-X7GR...
CVE-2026-2635
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basicauth.ini file. The fi...
CVE-2026-2635
creationtimestamp | type | source
---|---|---
2026-02-19 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-26-111/
2026-02-21 00:00:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfdcx3zcw32k
2026-03-01 00:01:22+00:00 | seen | ...
EUVD-2026-2635
EUVD-2026-2635...
EUVD-2008-2418
Malware in sbrugna...
CVE-2022-2635
The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2025-2635 Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function
The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg function without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary...
Amazon Linux 2 : microcode_ctl (ALAS-2024-2635)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2635 advisory. 2024-10-10: CVE-2024-22374 was added to this advisory. Improper isolation in some Intel(R) Processors stream cache...
CVE-2024-2635 Multiple vulnerabilities on Meta4 HR from Cegid
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they d...
CVE-2019-2635
creationtimestamp | type | source
---|---|---
2023-11-15 16:53:22+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5990...
CVE-2023-2635
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-2635
CVE-2023-2635 concerns the WordPress plugin Call Now Accessibility Button (versions prior to 1.1). The issue is that the plugin does not sanitize and escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite d...
CVE-2023-2635 Call Now Accessibility Button < 1.1 - Admin+ Stored XSS
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
SUSE CVE-2011-2635
The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element...