CVE-2026-6651

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Name results in cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2026-6651

creationtimestamp| type| source ---|---|--- 2026-04-20 15:48:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwsycirht2i...

Exploit for Cross-site Scripting in Iptanus Wordpress_File_Upload

CVE-2024-6651 POC XSS - CVE-2024-6651 PoC funcional para l...

MiracleLinux 9 : containernetworking-plugins-1.3.0-4.el9 (AXSA:2023-6651:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6651:02 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

CVE-2025-6651 PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...

CVE-2025-6651 PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must vis...

CVE-2025-6651

creationtimestamp| type| source ---|---|--- 2025-06-25 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-436/ 2025-06-25 21:50:24+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19538 2025-06-26 01:08:11+00:00| seen|...

CVE-2024-6651

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2019-6651

In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request...

CVE-2024-6651

creationtimestamp| type| source ---|---|--- 2024-08-06 09:09:08+00:00| seen| https://t.me/cvedetector/2536 2025-03-13 03:09:39+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-6651.yaml 2025-03-13 21:02:10+00:00| seen|...

CVE-2024-6651

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress WordPress File Upload Plugin < 4.24.8 is vulnerable to Cross Site Scripting (XSS)

Software WordPress File Upload Type Plugin Vulnerable versions 4.24.8 Fixed in 4.24.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6651 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f705fe24e0ac Credits Đức Tài...

Ubuntu: Security Advisory (USN-6651-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS : Linux kernel (StarFive) vulnerabilities (USN-6651-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6651-3 advisory. It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6651-2)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6651-2 advisory. It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6651-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6651-1 advisory. It was discovered that a race condition existed in the ATM Asynchronous Transfer Mode subsystem of the Linux kernel, leading to a use-after-free...

CVE-2023-6651

creationtimestamp| type| source ---|---|--- 2024-01-01 09:26:08+00:00| seen| https://t.me/ctinow/161245...

CVE-2023-6651

A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has...

K89509323: REST Framework vulnerability CVE-2019-6651

Security Advisory Description The BIG-IP/BIG-IQ Configuration utility login page may not follow best security practices when handling a malicious request. CVE-2019-6651 Impact The Configuration utility login page returns an inconsistent HTTP response when processing modified requests which may...

Eaton Intelligent Power Manager system_srv Command Injection (CVE-2020-6651)

A command injection vulnerability exists in Eaton Intelligent Power Manager. The vulnerability is due to a lack of validation of a user-supplied string in requests handled by systemsrv.js before using it to execute a system command...