53 matches found
CVE-2024-6265
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-06 14:59:46+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-6265.yaml |
| 2026-02-11 21:03:08+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3memeta5wtl2k |
| 2026-04-03... | | |
CVE-2025-6265
| creationtimestamp | type | source |
|---|---|---|
| 2025-07-15 12:32:24+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114857262701984647... |
CVE-2020-6265
SAP Commerce, versions 6.7, 1808, 1811, 1905, and SAP Commerce Data Hub, versions 6.7, 1808, 1811, 1905, allow an attacker to bypass the authentication and/or authorization configured by the system administrator due to the use of hardcoded credentials...
WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection
| Field | Value |
|---|---|
| Software | UsersWP |
| Type | Plugin |
| Vulnerable versions | <= 1.2.10 |
| Fixed in | 1.2.11 |
| OWASP Top 10 | A1: Injection |
| Classification | SQL Injection |
| CVE | CVE-2024-6265 |
| Patch priority | High |
| CVSS severity | High (9.3) |
| PSID | 32b55caea5de |
| Credits | Trương Hữu Phúc (truonghuuphuc) |
| Required privilege | ... |
CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the 'uwp_sort_by' parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-558)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-558 advisory. This update enables libpsl support in curl, which adds protection against domain spanning super cookies as described in section 5.3 of RFC 6265. Tenable has extracted the preceding description block...
Amazon Linux 2 : curl (ALAS-2024-2490)
The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2490 advisory. This update enables libpsl support in curl, which adds protection against domain spanning super cookies as described in section 5.3 of...
Low: curl
Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265.
Affected Packages: curl
Issue Correction: Run dnf update curl --releasever 2023.3.20240304 to update your system.
New Packages: aarch6...
Low: curl
Issue Overview: This update enables libpsl support in curl, which adds protection against domain spanning "super cookies" as described in section 5.3 of RFC 6265.
Affected Packages: curl
Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...
CVE-2024-0570
CVE-2024-0570 affects Totolink N350RT 9.3.5u.6265. The vulnerability lies in /cgi-bin/cstecgi.cgi of the Setting Handler, causing improper access controls. It can be triggered remotely; upgrading the affected component is advised. The available connected documents confirm the file path, affected ...
TOTOLINK N350RT Security Breach
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK N350RT version 9.3.5u.6265, which originates from the file /cgi-bin/cstecgi.cgi that can lead to incorrect access control...
CVE-2023-6265
UNSUPPORTED WHEN ASSIGNED Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory traversal via the mainfunction.cgi dumpSyslog 'option' parameter allowing an authenticated attacker with access to the web management interface to delete arbitrary files. Vigor2960 is no longer supported...
CVE-2023-6265
DrayTek Vigor2960 (versions 1.5.1.4–1.5.1.5) is affected by a directory traversal vulnerability in the mainfunction.cgi dumpSyslog option parameter. An authenticated attacker with access to the web management interface can delete arbitrary files on the device. The vulnerability affects only these...
Oracle Linux 9 : ghostscript (ELSA-2023-6265)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6265 advisory. - fix for CVE-2023-43115 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...
Ubuntu 16.04 ESM : RabbitMQ vulnerability (USN-6265-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6265-1 advisory. It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. An attacker could possibly use this issue to expose sensitive information...
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with " double quote, it will continue to read the cookie string unti...
SUSE CVE-2016-6265
Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file...
Exposure of Sensitive Information to an Unauthorized Actor in httpie
Impact: HTTPie has the practical concept of sessions, which help users persistently store on disk some of the state belonging to outgoing requests and incoming responses for later use. As an example, we can make an authenticated request and save it to a named session called api:...
Mageia: Security Advisory (MGASA-2016-0268)
The remote host is missing an update for the...