70 matches found
CVE-2026-5737
creationtimestamp | type | source
---|---|---
2026-05-28 06:54:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmvgtbfpf62h...
CVE-2026-5737 Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route
The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...
CVE-2026-20411
In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737...
CGA-PG4C-GXCV-5737
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2019-5737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by...
CVE-2025-5737
creationtimestamp | type | source
---|---|---
2025-06-06 09:31:41+00:00 | published-proof-of-concept | Telegram/mYiFhS0KI41FnuJb80DPaIeUDJlgHATfKqT73V-Gr4Yn1fQ
2025-06-06 10:18:09+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114635904686208441...
CVE-2020-5737
Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue...
Debian: Security Advisory (DSA-5737-1)
The remote host is missing an update for the Debian...
CVE-2024-5737
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...
CVE-2024-5737 HTML Injection in AdmirorFrames Joomla! Extension
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...
CVE-2024-5737
CVE-2024-5737 affects the AdmirorFrames Joomla! extension. Red Hat entries confirm the issue resides in afGdStream.php, which does not set a Content-Type, causing a default text/html to be used. An attacker may embed HTML in image data, which will be rendered by a webpage as HTML. The vulnerabili...
CVE-2024-5737 HTML Injection in AdmirorFrames Joomla! Extension
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...
CVE-2023-5737 WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings...
Rocky Linux 8 : nodejs:10 (RLSA-2019:2925)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:2925 advisory. - In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS)...
RHEL 8 : java-11-openjdk (RHSA-2023:5737)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5737 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJD...
BELL-CVE-2018-5737 CVE-2018-5737 does not affect BellSoft software
Bulletin has no description...
SUSE CVE-2019-5737
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737)
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. Node.js denial of service vulnerability CVE-2019-5737 Vulnerability Details CVEID:CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive...
Ubuntu: Security Advisory (USN-5737-1)
The remote host is missing an update for the...
Ubuntu 16.04 ESM : APR-util vulnerability (USN-5737-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5737-1 advisory. It was discovered that APR-util did not properly handle memory when using SDBM database files. A local attacker with write access to the database can make a progr...