42 matches found
CVE-2026-6145
The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...
CVE-2026-6145
creationtimestamp| type| source ---|---|--- 2026-05-14 19:00:10+00:00| published-proof-of-concept| Telegram/XDvWvSLpOLgWYjCnx5nXaVDhxhCY5P5ucZ2jMelcgSmye8Y 2026-05-14 21:00:04+00:00| seen| Telegram/pxejltfM6t0bOCIPs7C1JhjfACvEO7Gy-x7DlZhJbRtGeV0...
Linux Distros Unpatched Vulnerability : CVE-2018-6145
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML pag...
CVE-2025-6145
creationtimestamp| type| source ---|---|--- 2025-06-16 23:33:10+00:00| published-proof-of-concept| Telegram/gKGto3J9ZB8GJQGsyZa-VAheuPEP8fY1LtXcBqVk55gIY 2025-06-16 23:40:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18554 2025-06-17 01:13:41+00:00| seen|...
CVE-2025-6145
CVE-2025-6145 affects TOTOLINK EX1200T (firmware 4.1.2cu.5232_B20210713). The flaw lies in the HTTP POST Request Handler, specifically the /boafrm/formSysLog endpoint, where the submit-url parameter can be manipulated to trigger a buffer overflow. This can allow remote exploitation and arbitrary ...
CVE-2025-6145 TOTOLINK EX1200T HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The...
RHEL 9 : postgresql (RHSA-2024:6145)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6145 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...
CVE-2024-6145 Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exis...
CVE-2023-6145
creationtimestamp| type| source ---|---|--- 2023-12-21 15:21:46+00:00| seen| https://t.me/ctinow/157749...
CVE-2023-6145
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 121220...
CVE-2023-6145
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 121220...
CVE-2023-6145 SQLi in Softomi E-commerce Software
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 121220...
CVE-2023-6145
CVE-2023-6145 affects Softomi Advanced C2C Marketplace Software (Istanbul Soft Informatics and Consultancy) prior to version 12122023. Root cause is improper neutralization of special elements in SQL commands, enabling SQL injection (high impact: confidentiality, integrity, and availability all a...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Sysstat vulnerabilities (USN-6145-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6145-1 advisory. It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use...
Ubuntu: Security Advisory (USN-6145-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0268)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ERPNext frappe.desk.reportview.get SQL injection vulnerability
Talos Vulnerability Report TALOS-2020-1091 ERPNext frappe.desk.reportview.get SQL injection vulnerability August 18, 2020 CVE Number CVE-2020-6145 SUMMARY An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can...
CVE-2020-6145
An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2020-6145
CVE-2020-6145 affects ERPNext 11.1.38 via the function frappe.desk.reportview.get . The vulnerability is an SQL injection caused by unsafely handling inputs in the request (e.g., POST data) that flows into database queries, potentially enabling an attacker with authenticated access to manipulate ...
CVE-2019-6145
CVE-2019-6145 affects Forcepoint VPN Client for Windows versions before 6.6.1. The flaw is an unquoted search path that can be exploited locally to escalate privileges to NT AUTHORITY\SYSTEM. It relies on an attacker having local access with write permissions to two locations: C:\Program.exe and ...