55 matches found
CVE-2026-6970
creationtimestamp | type | source
---|---|---
2026-04-28 20:11:02+00:00 | seen | https://bsky.app/profile/mel-echosphere.bsky.social/post/3mklfebpkit2s
2026-05-01 07:03:02+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mkrkpz77ed26
2026-05-06 07:40:29+00:00 | seen | ...
UBUNTU-CVE-2026-6970
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was...
WP Recipe Maker <= 9.1.0 - Reflected XSS via Referer Header
The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. The Referer header value is used directly in the href attribute of the "Back"...
Linux Distros Unpatched Vulnerability : CVE-2019-6970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle 3.5.x before 3.5.4 allows SSRF. CVE-2019-6970 Note that Nessus relies on the presence of the package as reported by the vendor.
CVE-2025-47188
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...
CVE-2025-6970
creationtimestamp | type | source
---|---|---
2025-07-10 03:00:13+00:00 | published-proof-of-concept | Telegram/VL2zkodKXJ4s7-qnqkcGB4g3iOsCKYXSgneWGoW9UEmWyHE
2025-07-15 16:23:39+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-6970.yaml...
WordPress Events Manager 7.0.3 SQL Injection
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress Event Manager plugin <= 7.0.3 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin Events Manager versions = 6.6.4.4...
PT-2025-20723 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series SIP Phones versions through 6.4 SP4; Mitel 6900 Series SIP Phones versions through 6.4 SP4; Mitel 6900w Series SIP Phones versions through 6.4 SP4; Mitel 6970 Conference Unit versions through 6.4 SP4. Description: A vulnerabilit...
A vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w phones allows arguments to be inserted or modified, enabling an attacker to execute arbitrary commands.
A vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w series SIP phones is related to the insertion or modification of arguments. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Ubuntu 22.04 LTS : exfatprogs vulnerability (USN-6970-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6970-1 advisory. It was discovered that exfatprogs incorrectly handled certain memory operations. If a user or automated system were tricked into handling specially crafted exfat...
CVE-2024-6970 itsourcecode Tailoring Management System staffcatadd.php sql injection
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /staffcatadd.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
A vulnerability in the firmware of Mitel 6800, 6900, 6900w, and 6970 series desktop telephones, related to the ability to bypass authentication, allows attackers to modify phone configuration parameters and trigger a service failure.
A vulnerability in the firmware of Mitel 6800, 6900, 6900w, and 6970 series phones makes it possible to bypass authentication. Exploiting this vulnerability allows an attacker to modify the phone’s configuration parameters and cause service failures...
A vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w series SIP phones allows an intruder to execute arbitrary commands.
A vulnerability in the firmware of Mitel 6800, 6900, 6970, and 6900w phones causes the results of operations to be written outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending...
PT-2024-3206 · Mitel · Mitel 6900 Series +2
Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4; Mitel 6900w Series SIP Phone versions through 6.3.3; Mitel 6970 Conference Unit versions through 5.1.1 SP8. Description: A buffer overflow attack can be conducted by an...
CVE-2024-31967
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit...
CVE-2024-31963
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A...
CVE-2024-31966
The CVE-2024-31966 issue affects Mitel 6800 Series and 6900 Series SIP Phones (through 6.3 SP3 HF4), Mitel 6900w Series SIP Phone (through 6.3.3), and Mitel 6970 Conference Unit (through 5.1.1 SP8). The root cause is insufficient parameter sanitization, allowing an authenticated attacker with adm...
CVE-2024-31965
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input...
PT-2024-3247 · Mitel · Mitel 6900 Series +2
Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series versions through 6.3 SP3 HF4; Mitel 6900 Series versions through 6.3 SP3 HF4; Mitel 6900w Series versions through 6.3.3; Mitel 6970 Conference Unit versions through 5.1.1 SP8. Description: The issue is related to an authenticati...