78 matches found
Security Bulletin: Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Summary: Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
CVE-2026-5807
creationtimestamp| type| source
---|---|---
2026-04-17 06:50:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjodhxzg7k2r
2026-04-17 07:16:22+00:00| seen| Telegram/tG2JfBYkK87mHaeOPjoo4KUhb5Z5XakpvfcfSoidkAS14Y
2026-04-17 12:54:36+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2015-5807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption a...
CVE-2025-5807 Gwolle Guestbook <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter
The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gwolle_gb_content’ parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2024-5807
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...
CVE-2023-5807
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29...
CVE-2020-5807
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s if a local user opens FactoryTalk Diagnosti...
CVE-2012-5807
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2024-5807
creationtimestamp| type| source
---|---|---
2024-07-30 09:02:45+00:00| seen| https://t.me/cvedetector/1986
2025-01-31 14:10:05+00:00| seen| Telegram/rnSeUs2qdya-yEinROFxA8N7F3mjvuSNXUGSd-xczm3plg...
CVE-2024-5807
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...
CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...
Malicious code in wlwz-2312-5807 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2f6e66b8de5f26a3b626c09ca71dca9a4caf0faacdba0c61a0fd28848275e94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-699 Malicious code in wlwz-2312-5807 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2f6e66b8de5f26a3b626c09ca71dca9a4caf0faacdba0c61a0fd28848275e94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
October CMS 3.4.0 Wiki Article Cross Site Scripting
OctoberCMS v3.4.0 Wikiarticle Stored Cross-Site Scripting Vulnerability
Vendor: October CMS
Product web page: https://www.octobercms.com
Affected version: 3.4.0
Summary: OctoberCMS is a self-hosted content management system (CMS) based on the PHP programming language and Laravel web application...
CVE-2023-5807
creationtimestamp| type| source
---|---|---
2023-10-27 16:17:04+00:00| seen| https://t.me/cibsecurity/73050...
CVE-2023-5807
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29...
CVE-2023-5807 SQLi in TRtek Software's Education Portal
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29...
CVE-2023-5807
CVE-2023-5807 is a SQL Injection vulnerability in TRtek Software Education Portal, arising from improper neutralization of special elements in SQL commands. Affected: Education Portal prior to version 3.2023.29. Root cause: improper input handling in SQL statements. Impact (as per CVSS and source...