19 matches found
RockyLinux 10 : kernel (RLSA-2026:1690)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1690 advisory. kernel: Linux kernel: irqchip/gic-v2m use-after-free vulnerability CVE-2025-37819 kernel: RDMA/core: Fix KASAN: slab-use-after-free Read in...
CVE-2022-38731
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. Only images are displayed to the attacker. All other files are loaded but not displaye...
CVE-2025-38731
creationtimestamp| type| source
---|---|---
2025-09-10 21:49:37+00:00| seen| https://bsky.app/profile/omo.bsky.social/post/3lyj7mp5zgc2w...
CVE-2025-38731
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug. If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing...
CVE-2025-38731
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug. If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing...
CVE-2025-38731
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug. If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing...
CVE-2021-38731
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php...
CVE-2024-38731
Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery. This issue affects i-amaze: from n/a through 1.3.7...
CVE-2024-38731 WordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery. This issue affects i-amaze: from n/a through 1.3.7...
CVE-2024-38731
CVE-2024-38731 is a CSRF vulnerability in the WordPress theme i-amaze by Marsian, affecting versions up to 1.3.7 (and “n/a through 1.3.7” as stated). The CVSS metrics indicate a network attack vector, no confidentiality impact, and a partial integrity impact with a required user interaction, yiel...
WordPress i-amaze Theme <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: i-amaze; Type: Theme; Vulnerable versions: = 1.3.7; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-38731; Patch priority: Low; CVSS severity: Low 4.3; PSID: b6666f2a8369; Credits: Dhabaleshwar Das; Required...
CVE-2022-38731
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. Only images are displayed to the attacker. All other files are loaded but not displaye...
CVE-2022-38731
CVE-2022-38731 affects Qaelum DOSE versions 18.08–21.1 prior to 21.2. The issue is a directory traversal via the loadimages name parameter, allowing an attacker to specify an arbitrary filesystem path to load images (only images displayed; other files loaded but not shown) and to enumerate local ...
CVE-2022-38731
creationtimestamp| type| source
---|---|---
2023-02-15 05:27:59+00:00| seen| https://t.me/cKure/10672
2023-02-16 16:12:17+00:00| seen| https://t.me/cibsecurity/58311
2025-03-19 15:17:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8067...
CVE-2021-38731
creationtimestamp| type| source
---|---|---
2022-10-28 20:29:38+00:00| seen| https://t.me/cibsecurity/52226...
CVE-2021-38731
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php...
CVE-2021-38731
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php...
CVE-2021-38731
CVE-2021-38731 concerns SEMCMS SHOP v1.1, where Ant_Zekou.php is vulnerable to SQL injection due to input validation gaps. The weakness can allow an attacker to execute arbitrary SQL commands and potentially exfiltrate or manipulate database data. Documented impacts are high (health of data confi...
astro7.ru XSS vulnerability
Vulnerable URL: https://astro7.ru/search/?searchtext=%22%3E%3Csvg%2Fonload%3Dco\u006efir\u006dOPENBUGBOUNTY%3E
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 38731
VIP website...