40 matches found
MINI-Q88R-6944-6G95
Bulletin has no description...
CVE-2025-6944
creationtimestamp | type | source
---|---|---
2025-07-04 09:30:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lt4wmijwt52q...
CVE-2025-6944 Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncodehltext' and 'uncodetexticon' shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress Uncode Core plugin <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Uncode Core versions <= 2.9.4.2...
CVE-2024-6944
A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has bee...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : curl vulnerability (USN-6944-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6944-2 advisory. USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix fo...
CVE-2024-6944
creationtimestamp | type | source
---|---|---
2024-07-21 10:51:58+00:00 | seen | https://t.me/cvedetector/1318...
CVE-2024-6944
A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has bee...
CVE-2024-6944 ZhongBangKeJi CRMEB PublicController.php get_image_base64 deserialization
A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has bee...
@backstage/backend-common (>=0.0.0-nightly-20230111022819 <=0.0.0-nightly-20240612021718), @backstage/backend-defaults (>=0.0.0-nightly-20220811024336 <=0.0.0-nightly-20260510031943) +27 more potentially affected by CVE-2023-6944 via @backstage/backend-app-api (>=0.0.0-nightly-20220811024336 <=0.0.0-nightly-20260510031943)
@backstage/backend-app-api NPM version =0.0.0-nightly-20220811024336, =0.0.0-nightly-20230111022819, =0.0.0-nightly-20220811024336, =0.0.0-nightly-20240214021031, =0.0.0-nightly-20220813024304, =0.0.0-nightly-2022122206, =0.0.0-nightly-20240816021916, =0.0.0-nightly-20240929023448,...
CVE-2023-6944 Rhdh: catalog-import function leaks credentials to frontend
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...
CVE-2023-6944
CVE-2023-6944 affects Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 GitLab token ends with a newline, causing the sanitized error to reveal the raw token. With access to the token and appropriate permissions, an attacker could...
CVE-2023-6944 Rhdh: catalog-import function leaks credentials to frontend
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...
CVE-2023-6944
creationtimestamp | type | source
---|---|---
2024-01-04 07:51:56+00:00 | seen | https://t.me/ctinow/162811
2024-01-04 11:31:21+00:00 | seen | https://t.me/ctinow/162908
2024-01-05 01:32:45+00:00 | seen | https://t.me/cibsecurity/74400
2024-01-06 23:11:38+00:00 | seen | https://t.me/arpsyndicate/2586...
Moderate: Red Hat Security Advisory: protobuf-c security update
An update for protobuf-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
CentOS 8 : protobuf-c (CESA-2023:6944)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:6944 advisory. - protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CVE-2022-48468 Note that Nessus has not tested for this issue but has instead...
RHEL 8 : protobuf-c (RHSA-2023:6944)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6944 advisory. The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmembe...
SUSE CVE-2006-6944
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers...
CVE-2018-6944
CVE-2018-6944 affects the WordPress plugin UltimateMember (version 2.0) where core/lib/upload/um-file-upload.php is vulnerable to cross-site scripting due to improper sanitization of input assigned to the $temp variable. This XSS vulnerability could allow injected JavaScript to be executed in the...
gomovies.co XSS vulnerability
Vulnerable URL: https://gomovies.co/?s=%22%3E%3Cscript%20src=https://openbugbounty.org/1.js%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 25.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 6944
VIP website status: | Yes...