85 matches found
CVE-2026-2907
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-24 00:20:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfkvgthfta2r... |
CVE-2026-2907 Tenda HG9 GPON Configuration Endpoint formgponConf stack-based overflow
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgponloid/fmgponloidpassword causes stack-based buffer overflow...
CVE-2009-2907
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers t...
WordPress Order Delivery Date Pro for WooCommerce plugin < 12.3.1 - Unauthenticated Arbitrary Option Update vulnerability
Unauthenticated Arbitrary Option Update vulnerability discovered by Mike Gozdiskowski in WordPress Plugin Order Delivery Date for WP e-Commerce versions 12.3.1...
CVE-2025-2907
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...
CVE-2025-2907
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-26 06:08:44+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13566 |
| 2025-04-26 07:25:43+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnp7ep2ivca2 |
| 2025-04-26... |
CVE-2025-2907 Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update
The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...
CVE-2025-2907
The CVE-2025-2907 issue affects the WordPress plugin Order Delivery Date Pro for WooCommerce (versions before 12.3.1). The root cause is missing authorization and CSRF checks when importing settings, allowing an unauthenticated attacker to update arbitrary options such as default_user_role to adm...
Linux Distros Unpatched Vulnerability : CVE-2014-2907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation...
CVE-2020-2907
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracl...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2907)
The remote host is missing an update for the Huawei EulerOS...
Moderate: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2024-2907 AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress Absolutely Glamorous Custom Admin Plugin < 7.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Absolutely Glamorous Custom Admin; Type: Plugin; Vulnerable versions: 7.2.2; Fixed in: 7.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2907; Patch priority: Low; CVSS severity: Low (5.9); Developer: Cusmin; PSID: c9b7d9956a4d; Credits: Dikshita Trivedi...
Malicious code in wlwz-2312-2907 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6948f8ffc9ee762ec3adf6f24f6f196d214e4237770fd1f7dee1081eb5b3782 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-438 Malicious code in wlwz-2312-2907 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c6948f8ffc9ee762ec3adf6f24f6f196d214e4237770fd1f7dee1081eb5b3782 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-2907
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-09 15:46:58+00:00 | seen | https://t.me/ctinow/165074... |
GitLab 12.9 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-2907)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It w...
SUSE: Security Advisory (SUSE-SU-2023:2907-1)
The remote host is missing an update for the...