EUVD-2026-2891
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000 character buffer and paste it into multiple network settings fields to trigger...
CVE-2024-2891
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
Important: perl-File-Find-Rule
Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...
CVE-2023-2891
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged...
CVE-2022-2891
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...
CVE-2019-2891
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2025-2891
creationtimestamp | type | source
---|---|---
2025-04-01 07:32:09+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9860
2025-04-01 09:48:06+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114262074055767061
2025-04-01 09:48:06+00:00 | seen | ...
CVE-2025-2891 WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload
The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and abov...
CVE-2025-2891
CVE-2025-2891 – Real Estate 7 WordPress Theme : The vulnerability is in the Real Estate 7 WordPress Theme for WordPress, allowing authenticated attackers with Seller-level access (and above) to upload arbitrary files due to missing file type validation in template-submit-listing.php. Affected ver...
CBL Mariner 2.0 Security Update: libsmi (CVE-2010-2891)
The version of libsmi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2010-2891 advisory. - Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to...
RHEL 4 : libsmi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution CVE-2010-2891 Note that Nessus has not...
RHEL 5 : libsmi (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libsmi: buffer overflow in smiGetNode can lead to arbitrary code execution CVE-2010-2891 Note that Nessus has not...
RHEL 8 : httpd:2.4 (RHSA-2024:2891)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2891 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: mod_http2: httpd:...
CVE-2010-2891 affecting package libsmi for versions less than 0.4.8-28
CVE-2010-2891 affecting package libsmi for versions less than 0.4.8-28. A patched version of the package is available...
openSUSE: Security Advisory for curl (SUSE-SU-2023:2891-1)
The remote host is missing an update for the...
CVE-2019-2891
creationtimestamp | type | source
---|---|---
2024-01-09 14:46:42+00:00 | seen | https://t.me/ctinow/165029
...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2023-2891)
The remote host is missing an update for the Huawei EulerOS...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2023:2891-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2891-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2023-2891 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged...