75 matches found
CVE-2026-2864
A vulnerability has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to path traversal. The attack can be launched...
CVE-2022-2864
creationtimestamp | type | source
---|---|---
2025-12-19 20:18:03+00:00 | seen | https://t.me/Dooztoria/22...
Amazon Linux 2 : open-vm-tools (ALAS-2025-2864)
The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2864 advisory. VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a gue...
CVE-2020-2864
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite component: Accounts. Supported versions that are affected are 12.1.3 and 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier...
CVE-2025-2864
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...
CVE-2025-2864
CVE-2025-2864 describes a reflected Cross-Site Scripting (XSS) vulnerability in SaTECH BCU firmware 2.1.3. The issue allows an attacker to inject malicious code into a legitimate website owned by the affected device, triggered when a cookie is set. The impact is limited to the victim’s browser; n...
CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...
AlmaLinux 9 : webkit2gtk3 (ALSA-2025:2864)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:2864 advisory. webkitgtk: out-of-bounds write vulnerability CVE-2025-24201 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. No...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
CVE-2024-2864
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaineLabs Youzify - Buddypress Moderation. This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5...
CVE-2024-2864
Technical details about CVE-2024-2864 are not publicly provided in the supplied documents. No affected versions, root cause, exploit info, or remediation are present here. Monitor for updates.
CVE-2024-2864 WordPress Youzify - Buddypress Moderation plugin <= 1.2.5 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in KaineLabs Youzify - Buddypress Moderation. This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5...
WordPress Youzify Buddypress Moderation Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Youzify Buddypress Moderation; Type: Plugin; Vulnerable versions: = 1.2.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-2864; Patch priority: High; CVSS severity: High 7.3; PSID: 8372e235157d; Credits: Esteban Segura Ripoll...
CVE-2022-2864
Summary: CVE-2022-2864 concerns the WordPress plugin “Demon Image Annotation” (versions
SUSE: Security Advisory (SUSE-SU-2022:2864-1)
The remote host is missing an update for the...
RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-proxy (RHSA-2020:2864)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2864 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
CVE-2020-2864
CVE-2020-2864 concerns Oracle E-Business Suite’s Oracle iSupplier Portal (Accounts) with vulnerability in affected versions 12.1.3 and 12.2.5–12.2.9. An unauthenticated, network-accessible attacker can exploit HTTP to obtain unauthorized read access to a subset of Oracle iSupplier Portal data. Th...