74 matches found
CVE-2026-5438
creationtimestamp | type | source
---|---|---
2026-04-09 16:32:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3abnztba24
2026-04-14 20:03:14+00:00 | published-proof-of-concept | Telegram/P20Htht508gPcGtfhYsw3BkHMYZAVXCzBRlMvbh3o3mGtY...
Linux Distros Unpatched Vulnerability : CVE-2026-5438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompress...
Multiple Heap Buffer Overflows in Orthanc DICOM Server
Overview: Multiple vulnerabilities have been identified in Orthanc DICOM Server, version 1.12.10 and earlier, that affect image decoding and HTTP request handling components. These vulnerabilities include heap buffer overflows, out-of-bounds reads, and resource exhaustion vulnerabilities that may...
CGA-5438-58QQ-RX9Q
Bulletin has no description...
CVE-2025-5438 Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads ...
CVE-2024-5438
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
WordPress Tutor LMS Plugin <= 2.7.1 is vulnerable to Insecure Direct Object References (IDOR)
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.7.1; Fixed in: 2.7.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-5438; Patch priority: Low; CVSS severity: Low (4.3); PSID: 04944e6bcf56; Credits: Thanh Nam Tran...
CGA-6QRM-HFR7-5438
Bulletin has no description...
CGA-5438-36J5-5WC8
Bulletin has no description...
CVE-2023-5438
creationtimestamp | type | source
---|---|---
2023-10-31 11:20:48+00:00 | seen | Telegram/EJUKEEUdkKCxvFp5mzun6-I8RaCFXOD6Wzxsqnnc41pA-7E...
CVE-2023-5438
CVE-2023-5438 refers to the WordPress wp-image-slideshow plugin vulnerability. The issue is an SQL Injection in the plugin’s shortcode for versions up to 12.0, caused by insufficient escaping of user-supplied parameters and inadequate query preparation. The impact, as described in the sources, is...
Ubuntu 16.04 ESM : HTMLDOC vulnerability (USN-5438-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5438-2 advisory. USN-5438-1 fixed a vulnerability in HTMLDOC. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...
RHEL 8 : thunderbird (RHSA-2023:5438)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5438 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Security Fixes: firefox:...
Debian DSA-5438-1 : asterisk - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5438 advisory. A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerabilit...
Ubuntu 18.04 LTS / 20.04 LTS : HTMLDOC vulnerability (USN-5438-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5438-1 advisory. It was discovered that HTMLDOC did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted HTM...
Security Bulletin: Flex System Manager web server allows Generic XSS (CVE-2013-5438)
Summary: The Flex System Manager (FSM) is running a web server that fails to adequately sanitize request strings of malicious JavaScript. Vulnerability Details: Abstract: The Flex System Manager (FSM) is running a web server that fails to adequately sanitize request strings of malicious JavaScript...
Mageia: Security Advisory (MGASA-2018-0018)
The remote host is missing an update for the...