CVE-2026-7048

creationtimestamp| type| source ---|---|--- 2026-05-28 11:43:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvwyyydmm2q 2026-05-29 05:22:35+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mmxs66iord2k...

CVE-2026-7048

The CVE-2026-7048 entry concerns the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery. A time-based blind SQL Injection exists via the order_by parameter in all versions up to and including 1.8.40, caused by insufficient escaping and incomplete SQL query preparation. Authen...

CVE-2025-7048

creationtimestamp| type| source ---|---|--- 2026-01-06 20:45:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbrt22qwjy2q...

Security Advisory 0132

Security Advisory 0132 . CSAF PDF Date: December 30, 2025 Revision | Date | Changes ---|---|--- 1.0 | December 30, 2025 | Initial release 1.1 | February 3, 2026 | Updated Required Configuration for Exploitation The CVE-ID tracking this issue: CVE-2025-7048 CVSS:3.1 Base Score 4.3...

ECHO-7048-4122-3756

Bulletin has no description...

CVE-2019-7048

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution...

CVE-2020-7048

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state deleting all site content stored in that table, as demonstrated by a wp-admin/admin-post.php?db-reset-tables=comments...

K000148351: PostgreSQL vulnerabilities CVE-2017-15098, CVE-2017-14798, CVE-2016-7048, CVE-2016-5424, and CVE-2016-5423

Security Advisory Description CVE-2017-15098 Invalid jsonpopulaterecordset or jsonbpopulaterecordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory...

Ubuntu 14.04 LTS : Vim vulnerability (USN-7048-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7048-2 advisory. USN-7048-1 fixed a vulnerability in Vim. This update provides the corresponding update for Ubuntu 14.04 LTS. Tenable has extracted the preceding description block...

CVE-2024-7048

creationtimestamp| type| source ---|---|--- 2024-10-10 05:02:24+00:00| seen| https://t.me/cvedetector/7542...

CVE-2024-7048

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this...

CVE-2024-7048 IDOR in open-webui/open-webui

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this...

USN-7048-1 vim vulnerability

Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly use this issue to cause a denial of service...

CVE-2023-7048

creationtimestamp| type| source ---|---|--- 2024-01-24 08:11:28+00:00| seen| https://t.me/ctinow/172569...

CVE-2023-7048

CVE-2023-7048 affects the WordPress plugin My Sticky Bar (formerly myStickymenu) up to version 2.6.6. The issue is a Cross-Site Request Forgery caused by missing/incorrect nonce validation in mystickymenu-contact-leads.php, enabling unauthenticated attackers to trigger a CSV export containing con...

CVE-2020-7048

creationtimestamp| type| source ---|---|--- 2022-11-26 15:03:42+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/534 2023-11-22 10:48:36+00:00| published-proof-of-concept| Telegram/k6hHUJVRmEVte2QfNLuU8-v67rBZSq4t8lJINPEEK3muAg 2024-03-29 18:27:13+00:00|...

WordPress ThemeGrill Plugin Privilege Escalation (CVE-2020-7047; CVE-2020-7048)

A privilege escalation exists in WordPress ThemeGrill plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

CVE-2020-7048

The CVE describes a vulnerability in the WordPress WP Database Reset plugin (versions up to 3.1; fixed in later releases, with guidance noting upgrade to at least 3.15). Root cause: an unauthenticated user can trigger a database-table reset via the admin-post.php endpoint (db-reset-tables[] param...

CVE-2019-7048

CVE-2019-7048 affects Adobe Acrobat and Reader: versions 2019.010.20069 and earlier, 2017.011.30113 and earlier, and 2015.006.30464 and earlier. The root cause is a use-after-free vulnerability that could allow arbitrary code execution on successful exploitation. Documented references include the...

Adobe Reader < 2019.010.20091 / 2017.011.30120 / 2015.006.30475 Multiple Vulnerabilities (APSB19-07) (macOS)

The version of Adobe Reader installed on the remote macOS host is prior to 2019.010.20091, 2017.011.30120, 2015.006.30475. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB19-07 advisory. - Buffer Errors potentially leading to Arbitrary Code Execution CVE-2019-7020,...