89 matches found
CVE-2025-6540
CVE-2025-6540 relates to the WordPress plugin “web-cam” (versions up to 1.0). It is a Stored Cross-Site Scripting (Stored XSS) vulnerability via the slug parameter caused by insufficient input sanitization and output escaping. Exploitation requires at least Contributor-level authentication, and t...
WordPress web-cam plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via slug Parameter vulnerability discovered by Gilang in WordPress Plugin web-cam versions <= 1.0...
CVE-2023-6540
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information...
CVE-2019-6540
creationtimestamp | type | source
---|---|---
2025-05-22 19:46:02+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17350...
Linux Distros Unpatched Vulnerability : CVE-2018-6540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could...
CVE-2024-6540
creationtimestamp | type | source
---|---|---
2024-07-15 10:59:34+00:00 | seen | https://t.me/cvedetector/853...
CVE-2024-6540
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
CVE-2024-6540
CVE-2024-6540 affects OTRS where the export function in the external-ticket-overview can disclose ticket-level data. The root cause is improper filtering of fields during export when the TicketSearchLegacyEngine is disabled by an admin, allowing an authorized user to download a list of tickets co...
CVE-2024-6540 Information exposure in external interface
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...
CVE-2023-6540
The CVE-2023-6540 entry applies to Lenovo Browser Mobile and Lenovo Browser HD Apps for Android, where a payload can trigger disclosure of sensitive information. Connected sources describe a code-injection style vulnerability in Lenovo Browser Mobile (and HD Apps) with no publicly documented expl...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : BlueZ vulnerability (USN-6540-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6540-1 advisory. It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the...
SUSE CVE-2020-6540
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Rocky Linux 8 : webkit2gtk3 (RLSA-2022:6540)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6540 advisory. - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari...
Oracle Linux 8 : webkit2gtk3 (ELSA-2022-6540)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6540 advisory. 2.36.7-1 - Update to 2.36.7 Related: 2123429 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Mageia: Security Advisory (MGASA-2019-0093)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP5 : zziplib (EulerOS-SA-2020-2571)
According to the versions of the zziplib package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64 and 0.13.63 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread...
CVE-2020-6540
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-6540
CVE-2020-6540 is a buffer overflow in Skia used by Google Chrome, prior to 84.0.4147.105, allowing remote heap corruption via a crafted HTML page. The Debian security advisory DSA-4824-1 lists CVE-2020-6540 among fixed issues and recommends upgrading Chromium to at least 87.0.4280.88-0.4~deb10u1 ...