48 matches found
CVE-2026-7106
creationtimestamp| type| source
---|---|---
2026-04-27 03:31:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkh4z6ewbc2l
2026-04-28 00:32:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mkjdi7e6sz2s...
CVE-2026-7106 Highland Software Custom Role Manager <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrmsaveuserroles function, which is hooked to the personaloptionsupdate action accessible by any...
EUVD-2013-6893
Malware in sbrugna...
EUVD-2021-7106
Malicious code in bioql PyPI...
CVE-2025-7106
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...
CVE-2024-7106
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2024-7106
creationtimestamp| type| source
---|---|---
2024-07-25 23:36:30+00:00| seen| https://t.me/cvedetector/1651...
CVE-2024-7106 Spina CMS media_folders cross-site request forgery
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
Malicious code in wlwz-2312-7106 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91435575b8c96a925d682acd07e2af390c279e698694bcf2f6e5a6f67be678b0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-7106
creationtimestamp| type| source
---|---|---
2024-01-19 09:16:30+00:00| seen| https://t.me/ctinow/170110...
CVE-2023-7106
CVE-2023-7106 involves a SQL injection in the code-projects E-Commerce Website 1.0. The vulnerability stems from unsafely handling the prod_id parameter in the file product_details.php, enabling attacker-controlled input to influence SQL queries. Reports indicate the flaw can be exploited remotel...
CVE-2023-7106 code-projects E-Commerce Website sql injection
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file product_details.php?prod_id=11. The manipulation of the argument prod_id leads to sql injection. The attack can be launched...
Rocky Linux 8 : zlib (RLSA-2022:7106)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7106 advisory. - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications...
Oracle Linux 8 : zlib (ELSA-2022-7106)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7106 advisory. 1.2.11.19 - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434 Tenable has extracted the preceding descriptio...
AlmaLinux 8 : zlib (ALSA-2022:7106)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7106 advisory. - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications tha...
Debian: Security Advisory (DLA-2965-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DLA 2965-1] cacti security update
Debian LTS Advisory DLA-2965-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 29, 2022 https://wiki.debian.org/LTS -...
Security update for cacti, cacti-spine (moderate)
openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2020:0654-1 Rating: moderate References: 1163749 Cross-References: CVE-2020-7106 Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 SUSE Package Hub for SUSE Linux Enterprise 12 An updat...
FreeBSD : cacti -- XSS exposure (cd864f1a-8e5a-11ea-b5b4-641c67a117d8)
Cacti developer reports: Lack of escaping of color items can lead to XSS exposure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and contributors. Redistribution and use ...