MINI-WMCW-2868-H5CQ

Bulletin has no description...

CVE-2026-2868

The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...

📄 Barracuda ESG TAR Filename Command Injection

This Metasploit module exploits CVE-2023-2868, a command injection vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the ESG processes TAR file attachments - filenames containing shell metacharacters backticks are passed directly to shell commands...

EUVD-2026-2868

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...

CVE-2019-2868

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data...

CVE-2024-2868

creationtimestamp| type| source ---|---|--- 2025-08-27 21:18:42+00:00| seen| Telegram/QRi89iADQMK6Oo4ng2Sn02lnyJbgz2KnJw4HItHLZe3NI...

TencentOS Server 3: libtiff (TSSA-2023:0009)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0009 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2024-2868

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to...

Alibaba Cloud Linux 3 : 0057: libtiff (ALINUX3-SA-2024:0057)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2056: Divide By Zero error in...

RockyLinux 8 : libreoffice (RLSA-2025:2868)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:2868 advisory. libreoffice: Macro URL arbitrary script execution CVE-2025-1080 Tenable has extracted the preceding description block directly from the RockyLinux security...

CVE-2025-2868

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

Linux Distros Unpatched Vulnerability : CVE-2022-2868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to suppl...

SUSE: Security Advisory (SUSE-SU-2024:2868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-2868 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to...

WordPress ShopLentor Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)

Software ShopLentor Type Plugin Vulnerable versions = 2.8.3 Fixed in 2.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2868 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1cdf46cdcf3 Credits wesley wcraft Required...

openSUSE: Security Advisory for cni (SUSE-SU-2023:2868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway ESG appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which i...

FBI confirms Barracuda patch is not effective for exploited ESG appliances

In an FBI Flash about a Barracuda ESG vulnerability, listed as CVE-2023-2868, the FBI has stated that the patches released by Barracuda in response to this CVE were ineffective for anyone previously infected. Although both Barracude and Mandiant have already made this determination, the agency sa...