MINI-6634-3R4H-89R5

Bulletin has no description...

CVE-2026-6634

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

CVE-2026-6634 usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

CVE-2026-6634 usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

CVE-2025-6634

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-6634

creationtimestamp| type| source ---|---|--- 2025-08-06 23:55:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvrgduxvp42z...

WordPress Master Currency WP Plugin <= 1.1.61 is vulnerable to Cross Site Scripting (XSS)

Software Master Currency WP Type Plugin Vulnerable versions = 1.1.61 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6634 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 595acc86d3da Credits Artem Polynko Artem...

CVE-2024-6634

The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-6634 Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode

The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-6634 Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode

The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Exploit for Command Injection in Thimpress Learnpress

CVE-2023-6634 Exploit Script Description This repository...

Ubuntu 22.04 LTS / 23.10 : .NET vulnerabilities (USN-6634-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6634-1 advisory. Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly use this issue to cause a...

CVE-2023-6634

creationtimestamp| type| source ---|---|--- 2024-01-11 10:26:49+00:00| seen| https://t.me/ctinow/166436 2024-01-24 08:11:27+00:00| seen| https://t.me/ctinow/172568 2025-02-06 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-06 2025-02-13 00:00:00+00:00| seen| The...

CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

CVE-2023-6634

CVE-2023-6634 affects the LearnPress WordPress plugin. It allows unauthenticated remote code execution via the get_content function by abusing call_user_func with user input in versions up to and including 4.2.5.7. The vulnerability enables execution of arbitrary public functions with a single pa...

CVE-2023-6634 LearnPress <= 4.2.5.7 - Command Injection

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to Remote Code Execution (RCE)

Software LearnPress Type Plugin Vulnerable versions = 4.2.5.7 Fixed in 4.2.5.8 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-6634 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID acb9af544a85 Credits hir0ot Required privilege...

Rocky Linux 9 : webkit2gtk3 (RLSA-2022:6634)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6634 advisory. - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari...

K64855220: F5 TMUI and iControl Rest vulnerability CVE-2019-6634

Security Advisory Description High volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. CVE-2019-6634 Note: The No Access user role is...