67 matches found
CVE-2026-5164
creationtimestamp | type | source
---|---|---
2026-03-30 16:43:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mic4a66czk2j...
CVE-2026-5164 Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap request
A flaw was found in virtio-win. The RhelDoUnMap function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. Th...
Linux Distros Unpatched Vulnerability : CVE-2026-5164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in virtio-win. The RhelDoUnMap function does not properly validate the number of descriptors provided by a user during an unmap request. A loca...
CVE-2025-5164
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is...
CVE-2025-5164
creationtimestamp | type | source
---|---|---
2025-05-26 02:46:23+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17523
2025-05-26 06:09:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lq2j6nz4mc2q...
CVE-2025-5164
Affected software: PerfreeBlog 4.0.11. Vulnerability: in the function JwtUtil of the JWT Handler, leading to use of a hard-coded cryptographic key. Impact/exposure: exploit can be initiated remotely; attack complexity is high, with confidential data integrity and availability potentially affected...
CVE-2025-5164 PerfreeBlog JWT JwtUtil hard-coded key
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is...
CVE-2023-5164
The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2013-5164
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane...
Linux Distros Unpatched Vulnerability : CVE-2014-5164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only afte...
CVE-2024-5164
creationtimestamp | type | source
---|---|---
2025-02-11 02:19:15+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhultsegt522...
CentOS 6 : thunderbird (RHSA-2020:5164)
The remote CentOS Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5164 advisory. - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This...
CVE-2019-5164
creationtimestamp | type | source
---|---|---
2024-03-07 10:07:03+00:00 | seen | https://t.me/ctinow/202243...
CVE-2023-5164
The Bellows Accordion Menu plugin for WordPress is affected by a stored XSS in shortcode attributes (versions up to and including 1.4.2) due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling injection of scr...
CVE-2023-5164 Bellows Accordion Menu <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Bellows Accordion Menu Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Bellows Accordion Menu; Type: Plugin; Vulnerable versions: <= 1.4.2; Fixed in: 1.4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5164; Patch priority: Low; CVSS severity: Low 6.5; PSID: 390a77233aee; Credits: István Márton...
Current implementation may be vulnerable to griefing attacks
Impact: EIP 5164 states that: CrossChainExecutors SHOULD revert with a CallFailure error if a call fails. The current implementation of EIP-5164 makes the assumption (CallLib.sol L61-L72) that all call data are legitimately crafted. For context-agnostic protocols,...
CrossChainExecutorPolygon does not implement the executeCalls function
Impact: The CrossChainExecutor contracts in the codebase are meant to follow the CrossChainExecutor interface as defined in EIP-5164. Each L2 network specific CrossChainExecutor contract is also expected to inherit and follow the ICrossChainExecutor interface...