Lucene search

63 matches found

Circl
added 2025/07/11 10:14 a.m., 8 views

CVE-2025-6838

creationtimestamp | type | source
---|---|---
2025-07-11 10:14:25+00:00 | seen | https://bsky.app/profile/potato.software/post/3ltomdlapvz2t...

4.1 CVSS, 4.8 AI score, 0.00222 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/07/11 8:22 a.m., 5 views

CVE-2025-6838 Broken Link Notifier <= 1.3.0 - Authenticated (Contributor+) CSV Injection

The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CS...

4.1 CVSS, 7.6 AI score, 0.00222 EPSS
Exploits 0, References 2

Patchstack
added 2025/07/10 9:28 p.m., 5 views

WordPress Broken Link Notifier plugin <= 1.3.0 - Authenticated (Contributor+) CSV Injection vulnerability

Authenticated Contributor+ CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Broken Link Notifier versions <= 1.3.0...

4.1 CVSS, 7 AI score, 0.00222 EPSS
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/05/23 2:4 a.m., 7 views

CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...

6.1 CVSS, 6.1 AI score, 0.00433 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:46 p.m., 4 views

CVE-2020-6838

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c...

9.8 CVSS, 6.8 AI score, 0.01489 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:47 a.m., 6 views

CVE-2019-6838

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow a user with low privilege...

6.5 CVSS, 6.9 AI score, 0.00823 EPSS
Exploits 0, References 1

vulnersOsv
added 2025/03/20 12:32 p.m., 5 views

api-python-bet-project (>=0.1.9 <=0.1.22), argosml (>=0.0.1 <=0.1.3) +74 more potentially affected by CVE-2024-6838 via mlflow (>=2.0.0rc0 <=2.20.4)

mlflow PYPI version =2.0.0rc0, =0.1.9, =0.0.1, =1.0.4, =0.1.3, =1.2.0, =0.1.0, =0.0.10, =0.8.0, =0.0.10, =0.1.2370984012, =0.0.41, =0.0.97 and more Source cves: CVE-2024-6838 Source advisory: SNYK:PYTHON-MLFLOW-9510934...

5.3 CVSS, 6.2 AI score, 0.00615 EPSS
Exploits 1

vulnersOsv
added 2025/03/20 12:32 p.m., 3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +170 more potentially affected by CVE-2024-6838 via mlflow (>=0.8.2 <=2.13.2)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.3.8 and more Source cves: CVE-2024-6838 Source advisory: OSV:GHSA-Q3GW-8236-5JW4...

5.3 CVSS, 6.4 AI score, 0.00615 EPSS
Exploits 1

NVD
added 2025/03/20 10:15 a.m., 21 views

CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3 CVSS, 0.00615 EPSS
Exploits 1, References 1

CBLMariner
added 2025/01/12 9:15 a.m., 36 views

CVE-2017-6838 affecting package audiofile 0.3.6-27

CVE-2017-6838 affecting package audiofile 0.3.6-27. No patch is available currently...

5.5 CVSS, 6 AI score, 0.02951 EPSS
Exploits 0

Tenable Nessus
added 2024/10/25 12:0 a.m., 24 views

Oracle Linux 7 : firefox (ELSA-2024-6838)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-6838 advisory. 128.2.0-1.0.1 - Remove nomerge annotation from abort calls Orabug: 37079143 - Update to 128.2.0 Orabug: 37079143 Tenable has extracted the preceding...

9.8 CVSS, 7.8 AI score, 0.04395 EPSS
Exploits 1, References 9

OpenVAS
added 2024/06/18 12:0 a.m., 30 views

Ubuntu: Security Advisory (USN-6838-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6 CVSS, 7.1 AI score, 0.01571 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/06/17 12:0 a.m., 35 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6838-1 advisory. It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into...

6.6 CVSS, 7.5 AI score, 0.01571 EPSS
Exploits 0, References 3

Tenable Nessus
added 2024/05/11 12:0 a.m., 19 views

RHEL 6 : audiofile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - audiofile: Heap-based buffer overflow in Expand3To4Module::run when running sfconvert CVE-2018-17095 -...

7 AI score, 0.04654 EPSS
Exploits 3, References 15

Circl
added 2024/01/11 1:46 p.m., 3 views

CVE-2023-6838

creationtimestamp | type | source
---|---|---
2024-01-11 13:46:55+00:00 | seen | https://t.me/ctinow/166508...

6.1 CVSS, 6.1 AI score, 0.00433 EPSS
Exploits 0, References 1

Cvelist
added 2023/12/15 9:50 a.m., 28 views

CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...

6.1 CVSS, 6.2 AI score, 0.00433 EPSS
Exploits 0, References 1

CVE
added 2023/12/15 9:50 a.m., 44 views

CVE-2023-6838

The CVE-2023-6838 entry describes a reflected Cross-Site Scripting vulnerability in the Authentication Endpoint of WSO2 API Manager. An attacker can tamper a request parameter to execute script in the context of a victim’s browser, with impact limited to confidentiality and integrity (per CVSS: L...

6.1 CVSS, 6 AI score, 0.00433 EPSS
Exploits 0, References 1, Affected Software 1

OpenVAS
added 2023/03/08 12:0 a.m., 37 views

Debian: Security Advisory (DLA-341-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.8 AI score, 0.46801 EPSS
Exploits 4, References 2

SUSE CVE
added 2023/02/15 5:14 a.m., 2 views

SUSE CVE-2015-6838

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument...

7.5 CVSS, 8.4 AI score, 0.07276 EPSS
Exploits 0, References 9

Tenable Nessus
added 2022/11/16 12:0 a.m., 16 views

AlmaLinux 9 : expat (ALSA-2022:6838)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:6838 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. T...

8.1 CVSS, 7.5 AI score, 0.01659 EPSS
Exploits 0, References 2