CVE-2026-5126

creationtimestamp| type| source ---|---|--- 2026-03-30 20:30:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miciww6xch22...

MiracleLinux 7 : qemu-kvm-1.5.3-105.el7.7 (AXSA:2016-618:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-618:03 advisory. qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a virtual machine monitor together...

CVE-2025-5126

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

CVE-2025-5126 Teledyne FLIR AX8 settingsregional.php setDataTime command injection

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

CVE-2025-5126 Teledyne FLIR AX8 settingsregional.php setDataTime command injection

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

CVE-2023-5126

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugindeleteme' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2011-5126

Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file...

CVE-2009-5126

The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to cause a denial of service application crash via a crafted file...

CVE-2019-5126

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open t...

CVE-2024-5126 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due t...

WordPress Delete Me Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)

Software Delete Me Type Plugin Vulnerable versions = 3.0 Fixed in 3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5126 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 66ecd54b472e Credits Lana Codes Required privilege...

CVE-2023-5126

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugindeleteme' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-5126 Delete Me <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugindeleteme' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-5126

CVE-2023-5126 affects the WordPress plugin Delete Me (≤ 3.0). It is a stored XSS via the shortcode plugin_delete_me, caused by insufficient input sanitization and output escaping of shortcode attributes, enabling authenticated users with contributor-level+ to inject scripts executed on page view....

SUSE CVE-2017-5126

A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

Debian DSA-5126-1 : ffmpeg - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dsa-5126 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc. The descriptive text and...

Mageia: Security Advisory (MGASA-2017-0423)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 ESM : Bind vulnerability (USN-5126-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5126-2 advisory. USN-5126-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...

Ubuntu: Security Advisory (USN-5126-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS : Bind vulnerability (USN-5126-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5126-1 advisory. Kishore Kumar Kothapalli discovered that Bind incorrectly handled the lame cache when processing responses. A remote attacker could possibly use this...