Lucene search

75 matches found

NVD
added 2026/05/18 7:16 a.m., 7 views

CVE-2026-6379

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks...

8.6 CVSS, 0.00084 EPSS
Exploits: 1, References: 1
OSV
added 2026/05/11 1:33 p.m., 0 views

MINI-VQHC-86GP-6379

Bulletin has no description...

5.3 CVSS, 5.7 AI score, 0.00009 EPSS
Exploits: 0
Imperva Blog
added 2026/05/06 6:28 p.m., 5 views

Your Redis Server Looks Fine. That’s the Problem.

Introduction There’s an automated attack circulating right now that breaks into unprotected Redis servers, takes over the underlying machine, and then carefully puts everything back the way it found it. It restores the database filename. It deletes the tools it used. It detaches from the...

10 CVSS, 7.5 AI score, 0.94398 EPSS
Exploits: 8
Circl
added 2025/06/28 3:55 a.m., 5 views

CVE-2025-6379

creationtimestamp| type| source
---|---|---
2025-06-28 03:55:20+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19802
2025-06-28 07:34:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsnndw3s4a2u...

8.8 CVSS, 4.8 AI score, 0.00484 EPSS
Exploits: 0, References: 2
CVE
added 2025/06/28 3:21 a.m., 16 views

CVE-2025-6379

CVE-2025-6379 (BeeTeam368 Extensions Pro, WordPress) The vulnerability is a directory traversal in the BeeTeam368 Extensions Pro plugin (versions up to 2.3.4) via the handle_live_fn() function, allowing authenticated users with Subscriber+ access to access files outside the intended directory and...

8.8 CVSS, 6.1 AI score, 0.00484 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2025/06/27 11:4 p.m., 5 views

WordPress BeeTeam368 Extensions Pro plugin <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion vulnerability

Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion vulnerability discovered by Tonn in WordPress Plugin BeeTeam368 Extensions Pro versions <= 2.3.4...

8.8 CVSS, 6.7 AI score, 0.00484 EPSS
Exploits: 0, References: 1, Affected Software: 1
Circl
added 2024/08/20 5:7 p.m., 0 views

CVE-2024-6379

creationtimestamp| type| source
---|---|---
2024-08-20 17:07:54+00:00| seen| https://t.me/cvedetector/3638...

7.7 CVSS, 4.8 AI score, 0.00979 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/08/20 1:44 p.m., 27 views

CVE-2024-6379 Reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A reflected Cross-site Scripting XSS vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

7.7 CVSS, 6.4 AI score, 0.00979 EPSS
Exploits: 0, References: 1
Circl
added 2024/01/10 9:6 a.m., 1 views

CVE-2023-6379

creationtimestamp| type| source
---|---|---
2024-01-10 09:06:41+00:00| seen| https://t.me/ctinow/165637...

6.1 CVSS, 6.1 AI score, 0.18616 EPSS
Exploits: 0, References: 1
OSV
added 2023/12/13 11:15 a.m., 18 views

CVE-2023-6379

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

6.1 CVSS, 6.1 AI score
Exploits: 0, References: 1
NVD
added 2023/12/13 11:15 a.m., 14 views

CVE-2023-6379

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

6.1 CVSS, 0.18616 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/12/13 10:52 a.m., 19 views

CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

5.4 CVSS, 6.3 AI score, 0.18616 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2023/12/13 10:52 a.m., 23 views

CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

5.4 CVSS, 6.1 AI score, 0.18616 EPSS
Exploits: 0, References: 1
CVE
added 2023/12/13 10:52 a.m., 77 views

CVE-2023-6379

Affected software: Alkacon Software Open CMS (Mercury template) v14–v15. Vulnerability: Cross-site scripting (XSS) via the Mercury template. Unauthenticated attackers can inject arbitrary JavaScript through multiple parameters on OpenCMS Mercury pages, potentially leading to session cookie theft ...

6.1 CVSS, 5.8 AI score, 0.18616 EPSS
Exploits: 0, References: 1, Affected Software: 1
The Hacker News
added 2022/12/02 11:9 a.m., 51 views

Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers

A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was...

10 CVSS, 2 AI score, 0.94398 EPSS
Exploits: 8
NVD
added 2022/05/26 2:15 p.m., 12 views

CVE-2022-20821

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS, 0.08836 EPSS
Exploits: 0, References: 2
Prion
added 2022/05/26 2:15 p.m., 18 views

Design/Logic Flaw

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.4 CVSS, 6.8 AI score, 0.08836 EPSS
Exploits: 0, References: 1
Cvelist
added 2022/05/26 2:0 p.m., 20 views

CVE-2022-20821 Cisco IOS XR Software Health Check Open Port Vulnerability

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...

6.5 CVSS, 7 AI score, 0.08836 EPSS
Exploits: 0, References: 1
CISA KEV Catalog
added 2022/05/23 12:0 a.m., 17 views

Cisco IOS XR Open Port Vulnerability

Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container...

6.5 CVSS, 1.9 AI score, 0.08836 EPSS
In wild, Exploits: 0
CNNVD
added 2022/05/20 12:0 a.m., 4 views

Cisco IOS XR Information Disclosure Vulnerability

Cisco IOS XR is a set of operating systems developed by the U.S.-based Cisco for its network devices. Cisco IOS XR suffers from an information disclosure vulnerability that stems from the health check RPM opening TCP port 6379 by default upon activation, which allows an unauthenticated, remote...

6.5 CVSS, 7.1 AI score, 0.08836 EPSS
Exploits: 0, References: 6