132 matches found
CVE-2026-2867
creationtimestamp | type | source
---|---|---
2026-02-24 09:00:14+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mflsitdg4u24...
CVE-2026-2867 itsourcecode Vehicle Management System billaction.php sql injection
A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be...
CVE-2019-2867
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualB...
TencentOS Server 3: libtiff (TSSA-2023:0009)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0009 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Important: ppp
Issue Overview: The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. (CVE-2024-58250) Affected Packages: ppp. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
CVE-2014-2867
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors...
Alibaba Cloud Linux 3 : 0057: libtiff (ALINUX3-SA-2024:0057)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2056: Divide By Zero error in...
RockyLinux 9 : grub2 (RLSA-2025:2867)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:2867 advisory. grub2: net: Out-of-bounds write in grub_net_search_config_file() (CVE-2025-0624). Tenable has extracted the preceding description block directly from the RockyLinux securi...
GitLab 17.8 < 17.8.6 / 17.9 < 17.9.3 / 17.10 < 17.10.1 (CVE-2025-2867)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate...
RHSA-2025:2867
creationtimestamp | type | source
---|---|---
2025-03-27 22:36:42+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9234...
CVE-2025-2867
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
CVE-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...
AlmaLinux 9 : grub2 (ALSA-2025:2867)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:2867 advisory. grub2: net: Out-of-bounds write in grub_net_search_config_file() (CVE-2025-0624). Tenable has extracted the preceding description block directly from the AlmaLinux security...
Linux Distros Unpatched Vulnerability : CVE-2022-2867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop likely via...
CVE-2020-2867
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
WordPress ProfilePress Plugin < 4.15.5 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...
CVE-2024-2867
CVE-2024-2867: Stored XSS in ProfilePress (Paid Membership Plugin) for WordPress. Affected versions up to 4.15.4 permit authenticated attackers with Contributor+ to inject scripts via the title parameter; scripts run when users visit the injected page. Root cause: insufficient input sanitization ...
WordPress ProfilePress Plugin <= 4.15.4 is vulnerable to Cross Site Scripting (XSS)
Software: ProfilePress; Type: Plugin; Vulnerable versions: <= 4.15.4; Fixed in: 4.15.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2867; Patch priority: Low; CVSS severity: Low (6.5); PSID: c4b31f2d390c; Credits: Ngô Thiên An ancorn...
BELL-CVE-2022-2867 CVE-2022-2867 does not affect BellSoft software
Bulletin has no description...
Oracle Linux 8 : postgresql-jdbc (ELSA-2023-2867)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2867 advisory. 42.2.14-2 - Fix CVE-2022-41946 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...