MiracleLinux 4 : xorg-x11-server-1.15.0-36.0.1.AXS4 (AXBA:2015-352:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2015-352:03 advisory. - The ProcPutImage function in dix/dispatch.c in X.Org Server aka xserver and xorg-server before 1.16.4 allows attackers to cause a denial of service...

CVE-2022-3418

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...

CVE-2025-3418

creationtimestamp| type| source ---|---|--- 2025-04-12 06:51:46+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11549 2025-04-12 08:17:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmm3u4nnul24 2025-04-12 08:48:12+00:00| seen|...

CVE-2025-3418

CVE-2025-3418 affects WPC Admin Columns for WordPress. The issue is a privilege-escalation via the ajax_edit_save path: authenticated users with Subscriber+ can update their user meta to elevate to administrator, due to insufficient access control on that update. Root cause: missing/weak authoriz...

CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...

WordPress WPC Admin Columns plugin 2.0.6-2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update vulnerability

Authenticated Subscriber+ Privilege Escalation via User Meta Update vulnerability discovered by kr0d in WordPress Plugin WPC Admin Columns versions 2.0.6-2.1.0...

Linux Distros Unpatched Vulnerability : CVE-2015-3418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ProcPutImage function in dix/dispatch.c in X.Org Server aka xserver and xorg-server before 1.16.4 allows attackers to cause a denial of service divide-by-ze...

SUSE: Security Advisory (SUSE-SU-2024:3418-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : xorg-x11-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xorg-x11-server: unvalidated lengths in RENDER extension CVE-2017-12187 - The ProcPutImage function in...

RHEL 9 : rust (RHSA-2024:3418)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3418 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3418)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

BELL-CVE-2021-3418 CVE-2021-3418 does not affect BellSoft software

Bulletin has no description...

CVE-2023-3418

creationtimestamp| type| source ---|---|--- 2023-07-17 18:40:16+00:00| seen| https://t.me/cibsecurity/66819...

CVE-2023-3418

...

CVE-2023-3418

Summary: CVE-2023-3418 corresponds to a stored Cross-Site Scripting (XSS) vulnerability in the Querlo Chatbot WordPress plugin. Concrete details in connected sources show the issue affected Querlo Chatbot WordPress plugin versions up to 1.2.4 (and earlier) and describe that unauthenticated or sub...

Debian: Security Advisory (DLA-120)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2015-3418

The ProcPutImage function in dix/dispatch.c in X.Org Server aka xserver and xorg-server before 1.16.4 allows attackers to cause a denial of service divide-by-zero and crash via a zero-height PutImage request...

WordPress Import any XML or CSV File to WordPress Plugin < 3.6.9 Multiple File Upload Vulnerabilities

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2022-3418

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...

CVE-2022-3418 WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...