49 matches found
DSA-6138-1 libpng1.6 - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2018-6138
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extensi...
CVE-2025-6138
A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can ...
CVE-2025-6138
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-16 20:37:03+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/18522 |
| 2025-06-16 21:31:33+00:00 | seen | Telegram/KLejpjD5UEH6hnx5d7FQ9Ch0fmQr9r8Zh3VRBo7F-IhlZCI |
| 2025-06-16 23:26:20+00:00 | seen | ... |
CVE-2025-6138 TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow
A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can ...
CVE-2024-6138
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...
CVE-2020-6138
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-6138
| creationtimestamp | type | source |
|---|---|---|
| 2024-07-11 08:41:59+00:00 | seen | https://t.me/cvedetector/633... |
CVE-2024-6138 Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...
WordPress Secure Copy Content Protection and Content Locking Plugin < 4.0.9 is vulnerable to Cross Site Scripting (XSS)
Software: Secure Copy Content Protection and Content Locking; Type: Plugin; Vulnerable versions: 4.0.9; Fixed in: 4.0.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6138; Patch priority: Low; CVSS severity: Low (5.9); PSID: 386e7454f8d8...
CVE-2023-6138
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-15 00:31:52+00:00 | seen | https://t.me/ctinow/185151... |
CVE-2023-6138
CVE-2023-6138 concerns the system BIOS on HP Workstation PCs, with potential for privilege escalation, arbitrary code execution, or denial of service. Evidence across sources notes HP is releasing mitigation and provides BIOS updates (e.g., HP HPSBHF03915 and accompanying SoftPaqs) to address the...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : libssh vulnerabilities (USN-6138-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6138-1 advisory. Philip Turnbull discovered that libssh incorrectly handled rekeying with algorithm guessing. A remote attacker could use this issue t...
K34514540: TMM vulnerability CVE-2017-6138
Security Advisory Description: Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules...
SUSE CVE-2018-6138
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...
Mageia: Security Advisory (MGASA-2018-0268)
The remote host is missing an update for the...
CVE-2020-6138
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-6138
OS4Ed openSIS 7.3 contains multiple SQL injection vulnerabilities in the password reset flow. The uname parameter on /opensis/ResetUserInfo.php (and related fields) can be exploited to run arbitrary SQL, potentially exposing usernames, emails, and other data. Attackers could trigger via crafted H...