CVE-2026-2655 ChaiScript chaiscript_defines.hpp operator use after free

A vulnerability was detected in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::strless::operator of the file include/chaiscript/chaiscriptdefines.hpp. The manipulation results in use after free. The attack requires a local approach. The attack requires a high level of...

ECHO-59B8-F04E-2655

Bulletin has no description...

PT-2026-2655

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 144.0.7559.59 Description: A flaw exists in the V8 JavaScript engine within Google Chrome. This issue involves an out-of-bounds memory access, potentially allowing a remote attacker to execute arbitrary code or...

CVE-2022-2655

The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2005-2655

lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments...

CVE-2025-2655

creationtimestamp| type| source ---|---|--- 2025-03-23 19:49:43+00:00| seen| https://t.me/cvedetector/20909 2025-03-23 20:19:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ll32ufd7ea2x...

CVE-2025-2655

A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function saveusers/deleteusers of the file /classes/Users.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The...

CVE-2025-2655 SourceCodester AC Repair and Services System Users.php delete_users sql injection

A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function saveusers/deleteusers of the file /classes/Users.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The...

CVE-2025-2655 SourceCodester AC Repair and Services System Users.php delete_users sql injection

A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function saveusers/deleteusers of the file /classes/Users.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The...

Amazon Linux 2 : libtiff (ALAS-2024-2655)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2655 advisory. Multiple potential integer overflow in raw2tiff.c in libtiff = 4.5.1 can allow remote attackers to cause a denial of service...

CGA-G767-P7JF-2655

Bulletin has no description...

openSUSE Security Advisory (SUSE-SU-2024:2655-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Livemesh Addons for Elementor Plugin <= 8.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Livemesh Addons for Elementor Type Plugin Vulnerable versions = 8.3.6 Fixed in 8.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2655 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 21ff8c74e1bd Credits...

CVE-2024-2655 Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated...

CVE-2023-2655

creationtimestamp| type| source ---|---|--- 2024-01-16 17:27:09+00:00| seen| https://t.me/ctinow/168906 2024-01-23 17:16:50+00:00| seen| https://t.me/ctinow/172132 2024-02-06 09:41:27+00:00| seen| https://t.me/ctinow/179855...

CVE-2023-2655

The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-2655

The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-2655 Contact Form by WD <= 1.13.23 - Admin+ SQLi

The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-2655 Contact Form by WD <= 1.13.23 - Admin+ SQLi

The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2023-2655)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2655 advisory. - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-4904 nodejs-nodemon Tenable...