39 matches found
EUVD-2026-40872
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...
PT-2026-54454
Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the Modem can cause a system crash. This allows a remote denial of service if a User Equipment UE connects to a rogue base station controlled by an attacker. The...
Fedora 42 : nano (2026-fbeaecb457)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fbeaecb457 advisory. fix CVE-2026-6842 and CVE-29026-6843 Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz2455127 Resolves: rhbz2455314 Tenable has extract...
Fedora 44 : nano (2026-3111ffa11a)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3111ffa11a advisory. fix CVE-2026-6842 and CVE-29026-6843 Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz2455127 Resolves: rhbz2455314 Tenable has extract...
CVE-2026-6842
creationtimestamp| type| source ---|---|--- 2026-04-22 08:38:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk33tv5nbq2q 2026-06-08 09:52:07+00:00| seen| https://bsky.app/profile/bob.mastodon.me.uk.ap.brid.gy/post/3mnrfv6yvmhg2...
RHSA-2024:6842
creationtimestamp| type| source ---|---|--- 2025-07-24 13:36:18+00:00| seen| Telegram/NbE6uJrtwbDK9IW7nliDHdxLxWoJGtWow9EEsvdw7FPY0WQ 2025-08-30 22:20:46+00:00| seen| Telegram/jN3p0rCho2cvLYsHTHnhIMlK4AolhcCwlVRO9wRJlqHX1Xk...
CVE-2023-6842
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input...
CVE-2019-6842
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the packag...
CVE-2024-6842
In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...
CVE-2024-6842
In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...
CVE-2024-6842 Exposure of Sensitive Information in mintplex-labs/anything-llm
In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...
CVE-2024-6842 Exposure of Sensitive Information in mintplex-labs/anything-llm
In version 1.5.5 of mintplex-labs/anything-llm, the /setup-complete API endpoint allows unauthorized users to access sensitive system settings. The data returned by the currentSettings function includes sensitive information such as API keys for search engines, which can be exploited by attackers...
CVE-2024-6842
AnythingLLM (mintplex-labs/anything-llm) version 1.5.5 contains an information-disclosure vulnerability via the /setup-complete (or /api/setup-complete) endpoint, allowing remote, unauthenticated access to currentSettings that can include sensitive API keys for search engines. This enables potent...
openSUSE Security Advisory (SUSE-SU-2024:3550-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : podofo (SUSE-SU-2024:3541-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3541-1 advisory. - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 - CVE-2017-6840: Fixed...
SUSE SLES15 / openSUSE 15 Security Update : podofo (SUSE-SU-2024:3550-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3550-1 advisory. - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 - CVE-2017-6840: Fixed invalid memory read in...
Security update for podofo
This update for podofo fixes the following issues: CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack colorchanger.cpp bsc1027787 CVE-2017-6841: Fixed NULL pointer dereference in...
Ubuntu: Security Advisory (USN-6842-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-6842
creationtimestamp| type| source ---|---|--- 2024-01-09 08:26:36+00:00| seen| https://t.me/ctinow/164852 2024-01-25 17:17:23+00:00| seen| https://t.me/ctinow/173591...
CVE-2023-6842 Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 inclusive due to insufficient input...