98 matches found
Combodo iTop <2.2.0-2459 - Cross-Site Scripting
Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. id: CVE-2015-6544 info: name: Combodo iTop 2.2.0-2459 - Cross-Site Scripting author:...
MiracleLinux 4 : kernel-2.6.32-431.11.2.el6 (AXSA:2014-258:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-258:01 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
EUVD-2025-6544
Malicious code in bioql PyPI...
amlr (>=0.3.6 <=0.4.1), arsa-ml (>=0.1.0 <=0.1.13) +29 more potentially affected by CVE-2025-6544 via h2o (>=3.18.0.8 <=3.46.0.7)
h2o PYPI version =3.18.0.8, =0.3.6, =0.1.0, =0.0.92, =1.0.81, =2019.9.10.14.39.5, =1.0.1, =0.1.20, =0.1.0, =0.1.2, =0.3.2, =0.3.0, =1.0.1.1.4, =0.4.0.dev3, =0.1.0, =3.0.1, =5.4.1 and more Source cves: CVE-2025-6544 Source advisory: OSV:GHSA-5W3J-GWGH-4RFV...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.10), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.10) +45 more potentially affected by CVE-2025-6544 via ai.h2o:h2o-core (>=0.1.10 <=3.46.0.7)
ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.10 and more Source cves: CVE-2025-6544 Source advisory: OSV:GHSA-5W3J-GWGH-4RFV...
CVE-2025-6544
creationtimestamp | type | source
---|---|---
2025-09-21 13:28:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lzdyqsetzd2c
2025-09-22 01:32:18+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lzfb75ldxl2w
2026-05-22 14:09:29+00:00 | seen | ...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.10), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.10) +45 more potentially affected by CVE-2025-6507 +1 more via ai.h2o:h2o-core (>=0.1.10 <=3.46.0.7)
ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.10 and more Source cves: CVE-2025-6507, CVE-2025-6544 Source advisory:...
Linux Distros Unpatched Vulnerability : CVE-2018-6544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote...
CVE-2023-6544
creationtimestamp | type | source
---|---|---
2025-08-07 11:56:24+00:00 | seen | Telegram/xSfAsRjLm087B1tlMBvuy4LQ-PseollSRFDSD7wzNaI5GM...
CentOS 6 : chromium-browser (RHSA-2020:3560)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3560 advisory. - Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
CVE-2024-6544
creationtimestamp | type | source
---|---|---
2024-09-13 17:57:53+00:00 | seen | https://t.me/cvedetector/5610...
CVE-2024-6544 Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...
WordPress Custom Post Limits Plugin <= 4.4.1 is vulnerable to Full Path Disclosure (FPD)
Software: Custom Post Limits; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Full Path Disclosure (FPD); CVE: CVE-2024-6544; Patch priority: Low; CVSS severity: Low (5.3); PSID: 71ab81c6724d; Credits: stealthcopter; Required...
CVE-2023-6544 vulnerabilities
Vulnerabilities for packages: keycloak-fips, keycloak...
CVE-2023-6544 vulnerabilities
Vulnerabilities for packages: keycloak...
CVE-2023-6544
CVE-2023-6544 affects Keycloak via a permissive regular expression used for filtering that governs Dynamic Client Registration and TrustedDomain. The root cause is a hardcoded regex that allows hosts to register a dynamic client, enabling a malicious user with environment knowledge to compromise ...
CVE-2023-6544 Keycloak: authorization bypass
A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...
com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17), com.charlyghislain.keycloak:keycloak-importexport (>=11.0.1 <=21.0.0) +113 more potentially affected by CVE-2023-6544 via org.keycloak:keycloak-services (>=10.0.0 <=22.0.1)
org.keycloak:keycloak-services MAVEN version =10.0.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =4.0, =1.1.1, =0.3.0-20.0.1, =1.3.2-22.0.1 and more Source cves: CVE-2023-6544 Source advisory: OSV:GHSA-46C8-635V-68R2...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.8 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. This is an enhancement and security update with Important impact rating and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.8 enhancement and security update on RHEL 7
New Red Hat Single Sign-On 7.6.8 deliverables are now available for Red Hat Enterprise Linux 7. This is an enhancement and security update with Important impact rating and package name 'rh-sso7-keycloak'. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...