CVE-2026-6346

creationtimestamp| type| source ---|---|--- 2026-05-18 10:53:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4pj4wb2b2i 2026-05-18 18:00:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mm5hfq7huy2t 2026-05-21 02:37:09+00:00| seen|...

CVE-2026-6346 Sensitive credentials exposed in plaintext in Mattermost support packets

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in...

CVE-2026-6346

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials in...

MINI-CR9J-CX6Q-6346

Bulletin has no description...

MiracleLinux 8 : thunderbird-102.14.0-1.el8.ML.1 (AXSA:2023-6346:23)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6346:23 advisory. Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions CVE-2023-4045 Mozilla: Incorrect value used during WASM compilation...

EUVD-2018-6346

Malware in sbrugna...

CGA-6346-WWX7-4CFC

Bulletin has no description...

CVE-2025-6346

creationtimestamp| type| source ---|---|--- 2025-06-20 17:48:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ls2lwsxidx2p...

CVE-2025-6346

A SQL injection vulnerability exists in SourceCodester Advance Charity Management System 1.0, affecting the /members/fundDetails.php file. The issue stems from manipulation of the m06 parameter, enabling remote exploitation. Multiple sources confirm this as a critical flaw with public disclosure ...

CVE-2025-6346 SourceCodester Advance Charity Management System fundDetails.php sql injection

A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. Th...

CVE-2025-6346 SourceCodester Advance Charity Management System fundDetails.php sql injection

A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. Th...

CVE-2020-6346

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

CVE-2018-6346

creationtimestamp| type| source ---|---|--- 2025-05-06 16:21:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15153...

Linux Distros Unpatched Vulnerability : CVE-2016-6346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. CVE-2016-6346 Note that Nessus relies on t...

CVE-2024-6346

creationtimestamp| type| source ---|---|--- 2024-08-01 12:55:06+00:00| seen| https://t.me/cvedetector/2229 2025-03-02 11:46:30+00:00| seen| Telegram/abXy1MUux4J5jAydQRXxnoeJ8-HXpgjTZLikviCoVEsLkyLe...

CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

WordPress Post Grid and Gutenberg Blocks Plugin <= 2.2.85a is vulnerable to Cross Site Scripting (XSS)

Software Post Grid and Gutenberg Blocks Type Plugin Vulnerable versions = 2.2.85a Fixed in 2.2.86 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6346 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0a3eb3d1bba0 Credits...

openSUSE: Security Advisory for opera (openSUSE-SU-2023:0396-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0387-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 37 : chromium (2023-ceaa6b19c1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ceaa6b19c1 advisory. update to 119.0.6045.199, upstream security release High CVE-2023-6345: Integer overflow in Skia High CVE-2023-6346: Use after free in WebAudio High...