88 matches found
CVE-2026-6977

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-25 12:48:39+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mkd3aiptsl2t... |

CVE-2026-6977 vanna-ai vanna Legacy Flask API improper authorization
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...
CVE-2025-6977

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-16 05:28:40+00:00 | seen | Telegram/zUjYkoDXCnAzrzK-WjYnJYCyX6dGkpUpletY3ujpt1Vkvk... |

WordPress ProfileGrid plugin <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function vulnerability
Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function vulnerability discovered by Kenneth Billones Kenziy in WordPress Plugin ProfileGrid versions <= 5.9.5.4...
Oracle Linux 9 : python3.9 (ELSA-2025-6977)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-6977 advisory. 3.9.21-2 - Security fix for CVE-2025-0938 Resolves: RHEL-77263 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Alibaba Cloud Linux 3 : 0054: gd (ALINUX3-SA-2022:0054)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0054 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2018-14553: gdImageClone in gd.c in...
Linux Distros Unpatched Vulnerability : CVE-2019-6977
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26,...
Ubuntu 24.04 LTS : QEMU vulnerabilities (USN-6977-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6977-1 advisory. It was discovered that QEMU did not properly handle certain memory operations, which could result in a buffer overflow. An attacker could potentially use...
CVE-2024-6977 Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on the attacker's system. This issue affects SDP Client:...
CVE-2020-6977

| creationtimestamp | type | source |
|---|---|---|
| 2024-05-17 17:05:05+00:00 | published-proof-of-concept | https://t.me/truesecator/5749... |

RHEL 5 : gd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gd: Double free in the gdImagePtr in gdgifout.c, gdjpeg.c, and gdwbmp.c CVE-2019-6978 - The...
CVE-2023-6977

| creationtimestamp | type | source |
|---|---|---|
| 2023-12-29 19:16:48+00:00 | seen | https://t.me/ctinow/160655 |
| 2024-01-13 12:56:42+00:00 | seen | https://t.me/ctinow/167816... |

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +337 more potentially affected by CVE-2023-6977 via mlflow (>=0.8.2 <=2.9.1)
mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2023-6977 Source advisory: OSV:GHSA-QG8P-32GR-GH6X...
CVE-2023-6977
This vulnerability enables malicious users to read sensitive files on the server...
CVE-2023-6977
CVE-2023-6977 relates to Mlflow prior to 2.8.0 suffering a local file inclusion (path traversal) vulnerability. The Nuclei template specifies that an attacker could read sensitive files on the server and potentially modify data or perform unauthorized admin operations in context of the affected s...
BELL-CVE-2019-6977 CVE-2019-6977 does not affect BellSoft software
Bulletin has no description...
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...
Arbitrary file deletion
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...
AlmaLinux 8 : gd (ALSA-2020:4659)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4659 advisory. - gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function...
SUSE: Security Advisory (SUSE-SU-2019:0449-1)
The remote host is missing an update for the...