89 matches found

Circl
added 2026/04/18 10:15 p.m., 2 views

CVE-2026-2986

creationtimestamp | type | source
---|---|---
2026-04-18 22:15:05+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116428013886069984
2026-04-19 01:30:28+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116428782134450850
2026-04-19 01:30:30+00:00 | seen | ...

CVSS: 6.4; AI score: 5.7; EPSS: 0.00012
Exploits: 0; References: 4
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : java-17-openjdk-17.0.2.0.8-4.el8 (AXSA:2022-2986:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2986:01 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Incorrect reading of TIFF...

CVSS: 5.3; AI score: 6.4; EPSS: 0.05612
Exploits: 0; References: 16
RedhatCVE
added 2026/01/09 10:15 a.m., 2 views

CVE-2019-2986

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM component: LLVM Interpreter. The supported version that is affected is 19.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM...

CVSS: 7.7; AI score: 6.7; EPSS: 0.00351
Exploits: 0; References: 1
Tenable Nessus
added 2025/09/03 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-2986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. CVE-2022-2986 Note that Nessus relies on the presence...

CVSS: 8.8; AI score: 6.2; EPSS: 0.00223
Exploits: 0; References: 2
RedhatCVE
added 2025/05/22 3:29 a.m., 3 views

CVE-2012-2986

lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361...

CVSS: 7.7; AI score: 7.6; EPSS: 0.4475
Exploits: 2; References: 1
RedhatCVE
added 2025/04/27 12:5 p.m., 14 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS: 5.5; AI score: 6.3; EPSS: 0.00068
Exploits: 0; References: 1
Circl
added 2025/04/25 12:9 p.m., 7 views

CVE-2025-2986

creationtimestamp | type | source
---|---|---
2025-04-25 12:09:55+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13409
2025-04-25 13:19:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnncromcw42h
2025-04-25 15:00:29+00:00 | seen | https://t.me/cvedetector/23750...

CVSS: 5.5; AI score: 5.5; EPSS: 0.00068
Exploits: 0; References: 3
Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-2986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video FLV codec. Successful exploitation could...

CVSS: 9.3; AI score: 7.6; EPSS: 0.38106
Exploits: 3; References: 2
Tenable Nessus
added 2024/05/22 12:0 a.m., 30 views

CentOS 8 : python3.11-urllib3 (CESA-2024:2986)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2024:2986 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies ov...

CVSS: 8.1; AI score: 7.2; EPSS: 0.0095
Exploits: 0; References: 2
Wordfence Blog
added 2023/06/19 1:6 p.m., 29 views

Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin

On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...

CVSS: 7.5; AI score: 7.6; EPSS: 0.91714
Exploits: 5
Packet Storm
added 2023/06/19 12:0 a.m., 322 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...

CVSS: 9.8; AI score: 7.1; EPSS: 0.91714
Exploits: 5
0day.today
added 2023/06/17 12:0 a.m., 299 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass Exploit

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit. Entering the URL in a browser will give you access to the respective user's acc...

CVSS: 9.8; AI score: 7.4; EPSS: 0.91714
Exploits: 5
Packet Storm
added 2023/06/16 12:0 a.m., 439 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

Entering the URL in a browser will give you access to the respective user's account. If the WordPress admin user himself...

CVSS: 9.8; AI score: 7.1; EPSS: 0.91714
Exploits: 5
Circl
added 2023/06/09 6:25 p.m., 12 views

CVE-2023-2986

creationtimestamp | type | source
---|---|---
2023-06-09 18:25:15+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/4527
2023-06-13 20:55:03+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/4557
2023-06-28 09:18:53+00:00 | seen | https://t.me/kasraonecom/323
2023-06-30...

CVSS: 9.8; AI score: 9; EPSS: 0.91714
Exploits: 5; References: 5
GithubExploit
added 2023/06/09 5:44 p.m., 480 views

Exploit for CVE-2023-2986

Original Proof of Concept for CVE-2023-2986 Proof of Concept...

CVSS: 9.8; AI score: 9.6; EPSS: 0.91714
Exploits: 5
Vulnrichment
added 2023/06/08 1:56 a.m., 44 views

CVE-2023-2986 Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

CVSS: 9.8; AI score: 7.4; EPSS: 0.91714
Exploits: 5; References: 8
CVE
added 2023/06/08 1:56 a.m., 78 views

CVE-2023-2986

CVE-2023-2986 affects the WordPress plugin Abandoned Cart Lite for WooCommerce. It enables authentication bypass via the abandoned cart workflow due to insufficient encryption when decoding the cart link, allowing unauthenticated login as customers. Affected versions go up to 5.14.2; fixes were i...

CVSS: 9.8; AI score: 9.5; EPSS: 0.91714
Exploits: 5; References: 8; Affected Software: 1
Patchstack
added 2023/06/06 12:0 a.m., 19 views

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication

Software: Abandoned Cart Lite for WooCommerce
Type: Plugin
Vulnerable versions: <= 5.14.2
Fixed in: 5.15.0
OWASP Top 10: A2: Broken Authentication
Classification: Broken Authentication
CVE: CVE-2023-2986
Patch priority: High
CVSS severity: High (9.8)
PSID: 15bb4df9e2c9
Credits: István...

CVSS: 9.8; AI score: 6.5; EPSS: 0.91714
Exploits: 5; References: 3; Affected Software: 1
Tenable Nessus
added 2023/02/20 12:0 a.m., 32 views

Moodle 4.0.x < 4.0.3 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.16, 3.11.x prior to 3.11.9 or 4.0.x prior to 4.0.3. It is, therefore, affected by multiple vulnerabilities: - A vulnerable version of the Mustache template library included in Moodle. CVE-2022-0323 - A Cross-Site Request...

CVSS: 8.8; AI score: 8.9; EPSS: 0.00223
Exploits: 1; References: 4
Tenable Nessus
added 2023/02/20 12:0 a.m., 26 views

Moodle 3.11.x < 3.11.9 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.16, 3.11.x prior to 3.11.9 or 4.0.x prior to 4.0.3. It is, therefore, affected by multiple vulnerabilities: - A vulnerable version of the Mustache template library included in Moodle. CVE-2022-0323 - A Cross-Site Request...

CVSS: 8.8; AI score: 8.9; EPSS: 0.00223
Exploits: 1; References: 4