CVE-2026-6272

creationtimestamp| type| source ---|---|--- 2026-04-24 11:16:14+00:00| seen| Telegram/R09lntrMGCA8cSztnGDF2KvsmTIw4mOAN79EUbfCdjOI6Yc...

Linux Distros Unpatched Vulnerability : CVE-2017-6272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated an...

CVE-2025-6272

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...

CVE-2025-6272

Wasm3 v0.5.0 contains a vulnerability in the MarkSlotAllocated function in source/m3_compile.c that enables an out-of-bounds write. The issue is exploitable locally and has been disclosed publicly. Connected sources corroborate the basic details; one PT Security advisory suggests a temporary work...

CVE-2020-6272

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...

CVE-2024-6272 SpiderContacts <= 1.1.7 - Reflected XSS

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

RHEL 6 : openmpi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libevent: potential heap overflow in buffer/bufferevent APIs CVE-2014-6272 Note that Nessus has not tested for this...

RHEL 5 : openmpi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libevent: potential heap overflow in buffer/bufferevent APIs CVE-2014-6272 Note that Nessus has not tested for this...

CVE-2023-6272

The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits...

CVE-2023-6272

CVE-2023-6272 affects Theme My Login 2FA WordPress plugin, versions prior to 1.2. The root cause is lack of rate limiting on 2FA validation attempts, enabling brute-force of 6-digit codes. Impact: potential unauthorized access to 2FA-protected accounts. Remediation: upgrade to 1.2 or later (patch...

CVE-2023-6272 Theme My Login 2FA < 1.2 - Lack of Rate Limiting

The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits...

RHEL 8 : Red Hat OpenShift Service Mesh 2.0.11 (RHSA-2022:6272)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6272 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift...

Slackware: Security Advisory (SSA:2016-085-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Advisory ROSA-SA-2021-1869

Software: libevent 2.0.21 OS: Cobalt 7.9 CVE-ID: CVE-2014-6272 CVE-Crit: MEDIUM CVE-DESC: Multiple integer overflows in the evbuffer API in Libevent 1.4.x through 1.4.15, 2.0.x through 2.0.22, and 2.1.x through 2.1.The 5-beta allow context-aware attackers to cause a denial of service or possibly...

SUSE: Security Advisory (SUSE-SU-2014:1283-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-6272

The CVE-2020-6272 issue affects SAP Commerce Cloud (versions 1808, 1811, 1905, 2005) and arises from insufficient input encoding in web CMS components. The root cause is improper encoding of user inputs, enabling an authenticated and authorized content manager to inject malicious script into seve...

Huawei EulerOS: Security Advisory for libevent (EulerOS-SA-2018-1164)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-6272

GL-AR300M-Lite devices (firmware 2.27) are affected by CVE-2019-6272 due to a vulnerability in login_cgi that enables authenticated command injection, potentially allowing arbitrary code execution. The issue is triggered after an attacker with prior login access sends crafted requests to login_cg...

CVE-2019-6272

Command injection vulnerability in logincgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code...

GL-AR300M-Lite 2.27 - (Authenticated) Command Injection Arbitrary File Download Directory Traversal

GL-AR300M-Lite 2.27 - Authenticated Command Injection Arbitrary File Download Directory Traversal Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage:...