22 matches found
CVE-2026-32649
creationtimestamp| type| source ---|---|--- 2026-04-23 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03...
CVE-2022-32649
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: ALPS07225840...
CVE-2021-32649
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...
CVE-2025-32649
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Reflected XSS.This issue affects GB Gallery Slideshow: from n/a through = 1.3...
CVE-2025-32649 WordPress GB Gallery Slideshow Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS. This issue affects GB Gallery Slideshow: from n/a through 1.3...
CVE-2025-32649
GB Gallery Slideshow (WordPress plugin gb-gallery-slideshow) is affected by CVE-2025-32649: a Reflected XSS caused by improper neutralization of inputs during web page generation. Affected versions are up to 1.3. Public exploit details are not provided in the connected documents. CVSS and patch s...
CVE-2025-32649 WordPress GB Gallery Slideshow Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Reflected XSS.This issue affects GB Gallery Slideshow: from n/a through = 1.3...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-32649 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-32649 Source advisory: OSV:GHSA-5JRJ-52X8-M64H...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-32649 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-32649 Source advisory: OSV:PYSEC-2024-209...
Siemens RUGGEDCOM APE1808 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-32649
creationtimestamp| type| source ---|---|--- 2023-09-19 14:29:15+00:00| seen| https://t.me/cibsecurity/70704...
CVE-2023-32649
A Denial of Service Dos vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets...
CVE-2023-32649
A Denial of Service Dos vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets...
CVE-2023-32649 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
A Denial of Service Dos vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets...
CVE-2023-32649 DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
A Denial of Service Dos vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets...
CVE-2022-32649
CVE-2022-32649 describes a local use-after-free in the jpeg component caused by a logic error, enabling local privilege escalation to SYSTEM with no user interaction. Affected software is described only as jpeg (no vendor/product version details provided in the documents). The vulnerability’s imp...
CVE-2022-32649
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225840; Issue ID: ALPS07225840...
CVE-2021-32649
creationtimestamp| type| source ---|---|--- 2022-01-14 18:23:15+00:00| seen| https://t.me/cibsecurity/35505...
CVE-2021-32649 Authenticated file write leads to remote code execution in october/system
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...
CVE-2021-32649
CVE-2021-32649 affects October CMS (Laravel-based). Before versions 1.0.473 and 1.1.6 , an attacker with backend privileges to create, modify and delete website pages can trigger PHP code execution by embedding specially crafted Twig code in the template markup. The issue is remedied in Build 473...