40 matches found
CVE-2026-6588
creationtimestamp | type | source
---|---|---
2026-04-20 04:18:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjvmfpdvs52o...
CVE-2026-6588 serge-chat serge Model API Endpoint model.py delete_model missing authentication
A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function downloadmodel/deletemodel of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched...
EUVD-2003-0404
Malware in sbrugna...
EUVD-2022-6588
Malicious code in bioql PyPI...
CVE-2025-6588
CVE-2025-6588 is a reflected Cross-Site Scripting vulnerability in the WordPress FunnelCockpit plugin (versions up to and including 1.4.2). The issue arises from insufficient input sanitization and output escaping in the vulnerable plugin, enabling unauthenticated attackers to inject scripts into...
CVE-2023-6588
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
CVE-2024-6588
creationtimestamp | type | source
---|---|---
2024-07-12 10:13:35+00:00 | seen | https://t.me/cvedetector/715...
CVE-2024-6588 PowerPress Podcasting plugin by Blubrry <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress PowerPress Podcasting Plugin <= 11.9.10 is vulnerable to Cross Site Scripting (XSS)
Software: PowerPress Podcasting; Type: Plugin; Vulnerable versions: <= 11.9.10; Fixed in: 11.9.11; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6588; Patch priority: Low; CVSS severity: Low (6.5); PSID: a26d6217fa24; Credits: Webbernaut...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PAM vulnerability (USN-6588-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6588-2 advisory. USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu...
Ubuntu: Security Advisory (USN-6588-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : PAM vulnerability (USN-6588-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6588-1 advisory. Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A...
CVE-2023-6588
CVE-2023-6588 affects Devolutions Workspace (versions 2023.3.2.0 and earlier) where offline mode is always enabled in the Devolutions Server data source. The underlying issue allows an attacker with access to the Workspace application to access credentials while offline. The NVD entry lists a CVS...
CVE-2016-6588
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0...
CVE-2016-6588
CVE-2016-6588 affects Symantec IT Management Suite 8.0 in the ITMS workflow process manager console. The vulnerability arises from insufficient input validation/filtering in HTTP requests, enabling a reflected cross-site scripting (XSS) attack when an authenticated user clicks a malicious link or...
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting
Liferay Portal 7.1 CE GA3 SimpleCaptcha API - Cross-Site Scripting Exploit Title: Liferay Portal ” / or ” /. A customized Liferay portlet which directly calls the Simple Captcha API without sanitizing the input could be susceptible to this vulnerability. Poc In a sample scenario of custom code...