38 matches found
MiracleLinux 8 : python3.11-3.11.5-1.el8 (AXSA:2023-7136:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7136:08 advisory. python: tarfile module directory traversal (CVE-2007-4559); python: file path truncation at \0 characters (CVE-2023-41105). Tenable has extracted the...
CVE-2020-7136
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at...
CVE-2020-7136
creationtimestamp| type| source
---|---|---
2025-08-16 21:02:20+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwkbd7eqiq2t
2025-08-31 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-08-31
2025-11-07 00:00:00+00:00| exploited| The...
CVE-2025-7136
creationtimestamp| type| source
---|---|---
2025-07-07 20:06:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltflk5fpcw25...
CVE-2025-7136 Campcodes Online Recruitment Management System view_vacancy.php SQL injection
A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/view_vacancy.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The...
CVE-2025-7136
The CVE-2025-7136 entry concerns Campcodes Online Recruitment Management System 1.0. It affects an unknown function in the file /admin/view_vacancy.php where manipulating the ID parameter enables SQL injection. Attacks can be launched remotely, and public disclosure of exploits is noted in multip...
Linux Distros Unpatched Vulnerability : CVE-2016-7136
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request...
Ubuntu: Security Advisory (USN-7136-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS : Django vulnerability (USN-7136-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7136-2 advisory. USN-7136-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable has...
Rocky Linux 9 : git-lfs (RLSA-2024:7136)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:7136 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156). Tenabl...
CVE-2024-7136
creationtimestamp| type| source
---|---|---
2024-08-16 13:43:06+00:00| seen| https://t.me/cvedetector/3329...
CVE-2024-7136
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov...
CVE-2024-7136 JetSearch <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov...
CVE-2023-7136
CVE-2023-7136 affects code-projects Record Management System 1.0, specifically the Document Type Handler’s /main/doctype.php. The vulnerability stems from manipulating the docname parameter with input like >, enabling cross-site scripting. Exploitation is possible remotely and the exploit has ...
CVE-2018-7136
CVE-2018-7136 entry is rejected/not used and does not represent an active vulnerability.
CVE-2018-7136
...
CVE-2020-7136
CVE-2020-7136 affects HPE Smart Update Manager (SUM) prior to version 8.5.6. The vulnerability could allow remote unauthorized access to SUM. Hewlett Packard Enterprise provides a software update to resolve this vulnerability in SUM prior to 8.5.6; the remediation is to download and install the l...
CVE-2019-7136
creationtimestamp| type| source
---|---|---
2019-05-23 16:48:40+00:00| seen| https://t.me/cvemitreorg/211...