Lucene search

64 matches found

Circl
added 2026/04/10 11:2 a.m. | 0 views

CVE-2026-6038

creationtimestamp| type| source
---|---|---
2026-04-10 11:02:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj56cvmzdz2q
2026-04-10 11:16:18+00:00| published-proof-of-concept| Telegram/khgEEPiWkGL9WACMPfvZ8dGv1ooPTaC6hfehoeURB75s6dQ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00043
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/10 8:45 a.m. | 0 views

CVE-2026-6038

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Manipulation of the argument BRANCHID leads to SQL injection. The attack can be performed remotely. The exploit is...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 5 | Affected Software: 1
OpenVAS
added 2025/10/27 12:0 a.m. | 2 views

Debian: Security Advisory (DSA-6038-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.8 | EPSS 0.00068
Exploits: 0 | References: 2
RedhatCVE
added 2025/10/16 5:52 a.m. | 4 views

CVE-2025-6042

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...

CVSS 8.8 | AI score 6.4 | EPSS 0.0006
Exploits: 0 | References: 1
EUVD
added 2025/10/15 5:23 a.m. | 1 views

EUVD-2025-34512

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...

CVSS 8.8 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 3
Circl
added 2025/10/09 6:43 a.m. | 1 views

CVE-2025-6038

creationtimestamp| type| source
---|---|---
2025-10-09 06:43:07+00:00| seen| https://gist.github.com/Darkcrai86/6275953555a1389c1f96949e6cd0d972
2025-10-15 06:36:18+00:00| seen| https://gist.github.com/Darkcrai86/211b257eaab9b8dcd1b411225ef1a260...

CVSS 8.8 | AI score 4.8 | EPSS 0.0006
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/09 3:23 a.m. | 2 views

CVE-2025-6038 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...

CVSS 8.8 | AI score 6.1 | EPSS 0.0006
Exploits: 0 | References: 2
Patchstack
added 2025/10/08 10:27 p.m. | 2 views

WordPress Lisfinity Core plugin <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lisfinity Core versions <= 1.4.0...

CVSS 8.8 | AI score 6.7 | EPSS 0.0006
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-6038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

CVSS 6.5 | AI score 7.7 | EPSS 0.0103
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 2:4 a.m. | 6 views

CVE-2023-6038

A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

CVSS 9.3 | AI score 7 | EPSS 0.63282
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 3:3 a.m. | 4 views

CVE-2024-6038

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filterhistory function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history...

CVSS 7.5 | AI score 7.4 | EPSS 0.00106
Exploits: 1 | References: 1
Packet Storm
added 2024/08/31 12:0 a.m. | 166 views

ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure', 'Description' = %q ManageEngine...

CVSS 7.5 | AI score 7 | EPSS 0.83792
Exploits: 10
OSV
added 2024/06/27 7:15 p.m. | 1 views

CVE-2024-6038

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filterhistory function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 2
Tenable Nessus
added 2024/01/09 12:0 a.m. | 32 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-6038-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6038-2 advisory. USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and G...

CVSS 9.8 | AI score 7.3 | EPSS 0.00759
Exploits: 6 | References: 19
Circl
added 2023/12/23 3:16 p.m. | 2 views

CVE-2023-6038

creationtimestamp| type| source
---|---|---
2023-12-23 15:16:30+00:00| seen| https://t.me/arpsyndicate/2138...

CVSS 9.3 | AI score 8.6 | EPSS 0.63282
Exploits: 1 | References: 1
vulnersOsv
added 2023/11/16 6:30 p.m. | 1 views

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.40.0.4), ai.h2o:h2o-algos (>=0.1.9 <=3.40.0.4) +45 more potentially affected by CVE-2023-6038 via ai.h2o:h2o-core (>=0.1.10 <=3.40.0.4)

ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.40.0.4 and more Source cves: CVE-2023-6038 Source advisory: OSV:GHSA-6MV8-95X5-XCQ9...

CVSS 9.3 | AI score 7.2 | EPSS 0.63282
Exploits: 1
CVE
added 2023/11/16 4:6 p.m. | 90 views

CVE-2023-6038

CVE-2023-6038 describes a Local File Inclusion in the h2o-3 REST API (ImportFiles and ParseSetup endpoints). An unauthenticated attacker can read arbitrary files on the server with the h2o-3 process’s user permissions. Affected version identified in sources is 3.40.0.4. The issue is severity high...

CVSS 9.3 | AI score 8.4 | EPSS 0.63282
In wild | Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2023/04/25 12:0 a.m. | 42 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-6038-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6038-1 advisory. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attack...

CVSS 9.8 | AI score 7.5 | EPSS 0.00759
Exploits: 7 | References: 21
SUSE CVE
added 2023/02/15 4:31 a.m. | 1 views

SUSE CVE-2018-6038

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

CVSS 6.5 | AI score 8.8 | EPSS 0.0103
Exploits: 0 | References: 5
CVE
added 2020/01/13 12:42 p.m. | 84 views

CVE-2014-6038

CVE-2014-6038 affects Zoho/ManageEngine EventLog Analyzer (v7–v9.9 build 9002). The cited issue is an information disclosure in the agentHandler servlet, enabling an unauthenticated remote attacker to obtain usernames, passwords or hashes from the managed hosts’ data. Some connected sources also ...

CVSS 7.5 | AI score 7.1 | EPSS 0.83792
Exploits: 9 | References: 4 | Affected Software: 1