
41 matches found

Circl
added 2026/04/28 9:33 p.m. | 2 views

CVE-2026-6809

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-28 21:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mkljx26xtb2a |
| 2026-04-29 12:00:56+00:00 | seen | https://bsky.app/profile/donwebmedia.bsky.social/post/3mkn2gu2p6b2u... |

CVSS 6.4 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2

NVD
added 2026/04/28 6:16 a.m. | 2 views

CVE-2026-6809

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00046
Exploits: 0 | References: 6

Circl
added 2025/06/27 3:0 a.m. | 4 views

CVE-2025-6809

| creationtimestamp | type | source |
|---|---|---|
| 2025-06-27 03:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-466/... |

AI score 6.9
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:6 a.m. | 6 views

CVE-2023-6809

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

CVSS 6.4 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:18 a.m. | 6 views

CVE-2015-6809

Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfgprojectName parameter to index.php/admin/saveConfig, the (2) datastatsproviderurl parameter to index.php/areas/saveArea, or the (3) datadescription...

CVSS 4.3 | AI score 6 | EPSS 0.03505
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:47 a.m. | 4 views

CVE-2019-6809

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 firmware versions prior to V2.90, Modicon M340 firmware versions prior to V3.10, Modicon Premium all versions, Modicon Quantum all versions, which could cause a possible denial of service when reading invalid data from the...

CVSS 7.8 | AI score 6.5 | EPSS 0.00555
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/17 9:2 p.m. | 7 views

CVE-2024-6809

The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 | AI score 7.3 | EPSS 0.01012
Exploits: 1 | References: 1

NVD
added 2025/05/15 8:15 p.m. | 5 views

CVE-2024-6809

The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 | EPSS 0.01012
Exploits: 1 | References: 1

Circl
added 2025/04/24 10:0 a.m. | 7 views

CVE-2019-6809

| creationtimestamp | type | source |
|---|---|---|
| 2025-04-24 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01... |

CVSS 7.8 | AI score 6.8 | EPSS 0.00555
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-6809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local...

CVSS 7.5 | AI score 8 | EPSS 0.00349
Exploits: 0 | References: 3

Tenable Nessus
added 2024/06/05 12:0 a.m. | 31 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : BlueZ vulnerabilities (USN-6809-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6809-1 advisory. It was discovered that BlueZ could be made to dereference invalid memory. An attacker could possibly use this issue t...

CVSS 8 | AI score 7.2 | EPSS 0.03017
Exploits: 0 | References: 3

CVE
added 2024/03/13 3:27 p.m. | 36 views

CVE-2023-6809

CVE-2023-6809 concerns the WordPress plugin Custom fields shortcode. A stored cross-site scripting vulnerability exists in the cf shortcode that processes user-supplied post meta values. In all versions up to and including 0.1, insufficient input sanitization and output escaping allows an authent...

CVSS 6.4 | AI score 6 | EPSS 0.00148
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/02/28 12:0 a.m. | 8 views

WordPress Custom fields shortcode Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Custom fields shortcode; Type: Plugin; Vulnerable versions: = 0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6809; Patch priority: Low; CVSS severity: Low (6.5); PSID: 73516645b707; Credits: Francesco Carlucci...

CVSS 6.4 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 2 | Affected Software: 1

SUSE CVE
added 2023/02/15 4:2 a.m. | 1 views

SUSE CVE-2020-6809

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox 74...

CVSS 6.3 | AI score 8.1 | EPSS 0.00349
Exploits: 0 | References: 4

Tenable Nessus
added 2022/02/07 12:0 a.m. | 23 views

Schneider Electric Modicon Controllers Uncaught Exception (CVE-2019-6809)

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 firmware versions prior to V2.90, Modicon M340 firmware versions prior to V3.10, Modicon Premium all versions, Modicon Quantum all versions, which could cause a possible denial of service when reading invalid data from the...

CVSS 9.8 | AI score 6.8 | EPSS 0.63237
Exploits: 18 | References: 3

CVE
added 2020/03/25 9:13 p.m. | 188 views

CVE-2020-6809

CVE-2020-6809 : A WebExtension with the all-urls permission could read local files when it made a fetch with mode 'same-origin', affecting Firefox versions older than 74. Root cause is an escalation of file access in WebExtensions via the all-urls permission. The IBM bulletin confirms the CVE-202...

CVSS 7.5 | AI score 7.4 | EPSS 0.00349
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2020/03/12 12:0 a.m. | 52 views

Mozilla Firefox Security Advisories (MFSA2020-08, MFSA2020-09) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS 9.8 | AI score 7.4 | EPSS 0.02595
Exploits: 2 | References: 1

Ubuntu
added 2020/03/11 9:53 p.m. | 91 views

USN-4299-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP)...

CVSS 9.8 | AI score 7.7 | EPSS 0.02595
Exploits: 2

CVE
added 2019/09/17 7:50 p.m. | 104 views

CVE-2019-6809

The CVE affects Schneider Electric Modicon PLCs: M580 (firmware before V2.90), M340 (before V3.10), Premium (all), and Quantum (all). Root cause is CWE-248 Uncaught Exception leading to denial of service when handling invalid data/commands via Modbus/UMAS. Public details in TALOS describe an expl...

CVSS 7.8 | AI score 7.2 | EPSS 0.00555
Exploits: 0 | References: 1 | Affected Software: 1

vulnersOsv
added 2018/10/17 3:44 p.m. | 2 views

au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +679 more potentially affected by CVE-2016-6809 via org.apache.tika:tika-core (>=0.10 <=1.13)

org.apache.tika:tika-core MAVEN version =0.10, =5.6.100, =2.0.6, =1.0.10, =1.0.12, =1.0.8, =0.6, =0.8 and more Source cves: CVE-2016-6809 Source advisory: OSV:GHSA-J8G6-2WH7-6439...

CVSS 9.8 | AI score 7.1 | EPSS 0.07049
Exploits: 2