102 matches found
MINI-3CMF-CM7C-2846
Bulletin has no description...
CVE-2026-2846
A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...
Security update for the Linux Kernel
This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE...
FullControl: Remote for Mac 4.0.5 Remote Command Execution
FullControl Remote for Mac version 4.0.5 is vulnerable to unauthenticated remote command execution via TCP port 2846. Attackers on the same network can send crafted packets to simulate keyboard input, allowing command execution without user interaction or authentication. Exploit...
FullControl: Remote for Mac 4.0.5 Directory Traversal / Enumeration
FullControl Remote for Mac version 4.0.5 is vulnerable to an unauthenticated directory traversal flaw. An attacker can remotely enumerate and traverse arbitrary directories on the target system by sending crafted JSON requests to TCP port 2846. This vulnerability arises from insufficient input...
FullControl: Remote for Mac 4.0.5 Unauthenticated Screen Capture
FullControl: Remote for Mac version 4.0.5 is vulnerable to unauthenticated remote screenshot capture and live screen streaming due to a lack of authentication on TCP port 2846. This exploit allows attackers to silently capture screenshots or continuously stream the victim's screen in real-time...
FullControl: Remote for Mac 4.0.5 Remote Code Execution
FullControl: Remote for Mac version 4.0.5 for macOS is vulnerable to unauthenticated remote code execution via TCP port 2846. An attacker on the same network can inject simulated keyboard input, allowing arbitrary command execution without user interaction or authentication. Exploit Title:...
CVE-2023-2846
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets...
CVE-2012-2846
Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors...
CVE-2006-2846
Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...
Advisory ROSA-SA-2025-2846
Software: iperf3 3.5; OS: ROSA Virtualization 2.1; packageevrstring: iperf3-3.5-11.rv3; CVE-ID: CVE-2024-53580; BDU-ID: 2024-11145; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Iperf3 network bandwidth measurement tool is related to improper handling of test parameters passed to the server in json...
CVE-2025-2846
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to sql injection. The attack...
CVE-2025-2846
CVE-2025-2846 affects SourceCodester Online Eyewear Shop 1.0. The vulnerability resides in the registration function at /oews/classes/Users.php?f=registration, where manipulating the ID parameter leads to SQL injection. It is exploitable remotely and the exploit has been disclosed publicly. Conne...
CVE-2025-2846 SourceCodester Online Eyewear Shop Registration Users.php registration sql injection
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to sql injection. The attack...
CGA-F96W-2846-5CXR
Bulletin has no description...
CVE-2024-2846 Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Visual Footer Credit Remover Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Visual Footer Credit Remover; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2846; Patch priority: Low; CVSS severity: Low (5.9); PSID: 265b4eed7803; Credits: 1337Wannabe...
Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6331-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6331-1 advisory. It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An...
CVE-2023-2846
creationtimestamp | type | source
---|---|---
2023-06-30 12:16:54+00:00 | seen | https://t.me/cibsecurity/65772...
CVE-2023-2846 Authentication Bypass Vulnerability in MELSEC-F Series main module
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets...