ECHO-ED8C-6987-A443
Bulletin has no description...
MAL-2025-6987 Malicious code in 1lkzd8 (npm)
The package 1lkzd8 was found to contain malicious code...
CVE-2025-6987 Advanced iFrame <= 2025.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2025.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Advanced iFrame plugin <= 2025.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Advanced iFrame (versions <= 2025.5)...
CVE-2020-6987
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...
Synology DiskStation Manager Path Traversal (CVE-2013-6987)
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to filedelete.cgi or (2) folderpath parameter to...
AlmaLinux 8 : emacs (ALSA-2024:6987)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6987 advisory. emacs: Gnus treats inline MIME contents as trusted (CVE-2024-30203); emacs: Org mode considers contents of remote files to be trusted (CVE-2024-30205); emacs:...
Oracle Linux 8 : emacs (ELSA-2024-6987)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6987 advisory. - org-file-contents: Consider all remote files unsafe (CVE-2024-30205) - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-393...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Django vulnerabilities (USN-6987-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6987-1 advisory. It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause ...
WordPress String locator Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)
Software: String locator | Type: Plugin | Vulnerable versions: <= 2.6.5 | Fixed in: 2.6.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-6987 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: 1314ec6116ff | Credits: Rein Daelman trein...
CVE-2023-6987
creationtimestamp | type | source
---|---|---
2024-08-24 04:50:20+00:00 | seen | https://t.me/cvedetector/4047...
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2024-6987
creationtimestamp | type | source
---|---|---
2024-08-08 08:01:54+00:00 | seen | https://t.me/cvedetector/2750
2025-03-02 11:46:30+00:00 | seen | Telegram/pnPHu4y8MQp3FdqIMNbAx4t9sE8hRiDlH5UdSmZ1khKnMo...
CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Orchid Store Theme <= 1.5.6 is vulnerable to Broken Access Control
Software: Orchid Store | Type: Theme | Vulnerable versions: <= 1.5.6 | Fixed in: 1.5.7 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-6987 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: Claim ownership | PSID: 11ea3d6423d2 | Credits: Lucio Sá | Required privilege...
Moxa PT-7528 and PT-7828 Series Weak Cryptographic Algorithm (CVE-2020-6987)
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. This plugin only works with Tenable.ot. Please visit...
SUSE CVE-2016-6987
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981...
CVE-2020-6987
CVE-2020-6987 affects Moxa PT-7528 (firmware ≤4.0) and PT-7828 (firmware ≤3.9) Ethernet switches. The vulnerability is a weak cryptographic algorithm that may disclose confidential information. The issue is documented with CVSSv3.1 base score 7.5 (Network attack, no privileges, high confidentiali...