103 matches found

Circl
added 2026/05/06 10:33 p.m. 3 views

CVE-2026-6449

creationtimestamp | type | source
---|---|---
2026-05-06 22:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3ml7qzp7u6b24...

CVSS 5.3 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/02 7:46 a.m. 1 views

CVE-2026-6449

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...

CVSS 5.3 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 9
RedhatCVE
added 2025/06/24 12:50 a.m. 2 views

CVE-2025-6449

A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/checkoutquery.php. The manipulation of the argument transactionid leads to sql injection. The attack may be...

CVSS 9.8 | AI score 7.7 | EPSS 0.00204
Exploits: 1 | References: 1
OSV
added 2025/06/22 1:15 a.m. 1 views

CVE-2025-6449

A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/checkoutquery.php. The manipulation of the argument transactionid leads to sql injection. The attack may be...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/23 2:6 a.m. 8 views

CVE-2023-6449

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for...

CVSS 7.2 | AI score 7.6 | EPSS 0.06568
Exploits: 0 | References: 1
Circl
added 2024/08/28 3:7 p.m. 1 views

CVE-2024-6449

creationtimestamp | type | source
---|---|---
2024-08-28 15:07:48+00:00 | seen | https://t.me/cvedetector/4323
2025-01-09 18:20:02+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1009
2025-01-09 18:20:13+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1010...

CVSS 6.5 | AI score 4.8 | EPSS 0.00234
Exploits: 0 | References: 3
NVD
added 2024/08/28 12:15 p.m. 9 views

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVSS 6.5 | EPSS 0.00234
Exploits: 0 | References: 2
Cvelist
added 2024/08/28 11:49 a.m. 16 views

CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

CVSS 5.3 | EPSS 0.00234
Exploits: 0 | References: 2
Circl
added 2023/12/21 3:42 p.m. 2 views

CVE-2023-6449

creationtimestamp | type | source
---|---|---
2023-12-21 15:42:32+00:00 | seen | https://t.me/ctinow/157758
2024-06-01 18:50:19+00:00 | seen | Telegram/DNtRgUHEeksdBo-JpBZCojtgf37oteZb8UMSgEyvM8RARzM3-w
2024-10-30 22:24:05+00:00 | published-proof-of-concept |...

CVSS 7.2 | AI score 7.6 | EPSS 0.06568
Exploits: 0 | References: 1
CVE
added 2023/12/01 11:0 a.m. 371 views

CVE-2023-6449

The CVE-2023-6449 entry concerns the WordPress plugin Contact Form 7, versions up to and including 5.8.3. The flaw is an arbitrary file upload vulnerability caused by insufficient file-type validation in validate and weak blocklisting in wpcf7_antiscript_file_name. Authenticated attackers with ed...

CVSS 7.2 | AI score 7.4 | EPSS 0.06568
Exploits: 0 | References: 5 | Affected Software: 1
Patchstack
added 2023/12/01 12:0 a.m. 18 views

WordPress Contact Form 7 Plugin <= 5.8.3 is vulnerable to Arbitrary File Upload

Software: Contact Form 7. Type: Plugin. Vulnerable versions: <= 5.8.3. Fixed in: 5.8.4. OWASP Top 10: A1: Injection. Classification: Arbitrary File Upload. CVE: CVE-2023-6449. Patch priority: Low. CVSS severity: Low (6.6). PSID: 21a488c2a64b. Credits: István Márton. Required privilege: Editor...

CVSS 7.2 | AI score 6.8 | EPSS 0.06568
Exploits: 0 | References: 4 | Affected Software: 1
OpenVAS
added 2023/11/16 12:0 a.m. 33 views

Ubuntu: Security Advisory (USN-6449-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.7 | EPSS 0.00656
Exploits: 8 | References: 3
Tenable Nessus
added 2023/11/15 12:0 a.m. 73 views

Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : FFmpeg regression (USN-6449-2)

The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6449-2 advisory. USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update could introduce a regression in tools using an FFmpeg library, like...

AI score 5.6
Exploits: 0 | References: 1
IBM Security Bulletins
added 2023/04/14 2:32 p.m. 66 views

Security Bulletin: Several System x and Flex Systems products are affected by vulnerabilities in OpenSSL (CVE-2013-6449, CVE-2013-4353 and CVE-2013-6450)

Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been fix...

CVSS 5.8 | AI score 8 | EPSS 0.46976
Exploits: 1
IBM Security Bulletins
added 2023/02/28 1:12 a.m. 64 views

Security Bulletin: Sixteen (16) Vulnerabilities in OpenSSL affect IBM FlashSystem (and TMS RAMSAN) 710, 720, 810, and 820 systems

Summary OpenSSL vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems. These vulnerabilities could allow a remote attacker to execute arbitrary code on the system, to obtain sensitive information, to crash a client, or cause a denial of service. Vulnerability...

CVSS 7.4 | AI score 8.4 | EPSS 0.92751
Exploits: 14 | Affected Software: 5
SUSE CVE
added 2023/02/15 5:34 a.m. 1 views

SUSE CVE-2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client...

CVSS 4.3 | AI score 6.8 | EPSS 0.46976
Exploits: 0 | References: 6
Tenable Nessus
added 2022/09/15 12:0 a.m. 44 views

Oracle Linux 8 : nodejs:16 (ELSA-2022-6449)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6449 advisory.
- CVE fixes for CVE-2022-32212/3/4/5
- Resolves CVE-2022-33987

Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 8.1 | AI score 7.4 | EPSS 0.86472
Exploits: 4 | References: 7
Tenable Nessus
added 2022/09/13 12:0 a.m. 37 views

CentOS 8 : nodejs:16 (CESA-2022:6449)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:6449 advisory.
- nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
- nodejs: DNS rebinding in --inspect via inval...

CVSS 8.1 | AI score 7.4 | EPSS 0.86472
Exploits: 4 | References: 7
Tenable Nessus
added 2022/09/13 12:0 a.m. 54 views

RHEL 8 : nodejs:16 (RHSA-2022:6449)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6449 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.1 | AI score 7.5 | EPSS 0.86472
Exploits: 4 | References: 16
IBM Security Bulletins
added 2022/08/19 6:23 p.m. 28 views

Security Bulletin: Tivoli Storage Productivity Center is affected by the following OpenSSL vulnerabilities: CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

Summary Security vulnerabilities have been discovered in OpenSSL that were reported by the OpenSSL Project. Vulnerability Details CVE-ID:CVE-2013-4353 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious S/MIME messages. By sendin...

CVSS 5.8 | AI score 7.7 | EPSS 0.46976
Exploits: 1 | Affected Software: 1