Linux Distros Unpatched Vulnerability : CVE-2026-2803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. CVE-2026-2803 Note that...

CVE-2026-2803

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, mitigation bypass in the Settings UI component...

CVE-2026-2803

creationtimestamp| type| source ---|---|--- 2026-02-26 11:34:14+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfr3zzax3c2s...

SUSE CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox 148 and Thunderbird 148...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.252.b09-2.el8 (AXSA:2020-161:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-161:10 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

MiracleLinux 8 : java-11-openjdk-11.0.7.10-1.el8 (AXSA:2020-214:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-214:06 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

CVE-2020-2803 vulnerabilities

Vulnerabilities for packages: openjdk-8-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-11-openj9...

CVE-2023-2803

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2013-2803

ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVE-2025-2803

The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-2803

creationtimestamp| type| source ---|---|--- 2025-03-29 07:28:44+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9539 2025-03-29 09:31:14+00:00| seen| Telegram/aF4xicIreuyE5yRRD33dmWV9qZXjTlaEQ3JU-sQx2NkHh1A 2025-03-29 10:28:56+00:00| seen| https://t.me/cvedetector/21505...

CVE-2025-2803 So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution

The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-2803

CVE-2025-2803 concerns the WordPress plugin “So-Called Air Quotes”. The description states unauthenticated attackers can trigger arbitrary shortcode execution in all versions up to 0.1 by exploiting a lack of proper validation before running do_shortcode, enabling shortcode execution without cred...

CVE-2024-2803 ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Malicious code in wlwz-2312-2803 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f74d79fe77718a35b087d5548297d7b9a3d80f669d6867dad3a9dbfd6879397 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2019-2803

creationtimestamp| type| source ---|---|--- 2023-11-15 16:53:22+00:00| seen| https://t.me/BABATATASASA/5989...

CVE-2023-2803 Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-2803 Ultimate Addons for Contact Form 7 < 3.1.29 - Reflected XSS

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

K26555255: Multiple Java vulnerabilities CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Security Advisory Description CVE-2020-2781 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated...