35 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-7147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows...
MAL-2025-7147 Malicious code in @crabas0npm/accusamus-labore-quae (npm)
The package @crabas0npm/accusamus-labore-quae was found to contain malicious code...
CVE-2025-7147
A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The...
CVE-2025-7147 CodeAstro Patient Record Management System login.php sql injection
A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The...
CVE-2008-7147
Multiple cross-site scripting XSS vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the 1 outline and 2 course parameters to library/descriptionlink.cfm, or the 3 recordstodisplay and ...
CVE-2024-7147
creationtimestamp| type| source ---|---|--- 2024-08-16 13:43:04+00:00| seen| https://t.me/cvedetector/3327...
CVE-2024-7147 JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress JetBlocks For Elementor Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)
Software JetBlocks For Elementor Type Plugin Vulnerable versions = 1.3.12 Fixed in 1.3.12.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7147 Patch priority Low CVSS severity Low 6.5 Developer Crocoblock PSID 63831bec7c72 Credits stealthcopter...
CVE-2023-7147
creationtimestamp| type| source ---|---|--- 2023-12-29 04:26:34+00:00| seen| https://t.me/ctinow/160316 2023-12-30 01:32:48+00:00| seen| https://t.me/cibsecurity/73878...
CVE-2023-7147
CVE-2023-7147 affects gopeak MasterLab up to 3.3.10. The vulnerability is in the function base64ImageContent in app/ctrl/User.php; manipulation of the image argument allows unrestricted file upload and can be triggered remotely. No exploit details are provided in the documents. Remediation/status...
CVE-2019-7147
creationtimestamp| type| source ---|---|--- 2021-08-25 20:42:44+00:00| seen| https://t.me/VulnerabilityNews/23659...
Buffer overflow
Buffer Overflow in Netwide Assembler NASM v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147...
CVE-2020-18974
Buffer Overflow in Netwide Assembler NASM v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147...
CVE-2020-7147
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7147
CVE-2020-7147 describes a remote code execution in Hewlett Packard Enterprise’s Intelligent Management Center (iMC) before platform release 7.3 (E0705P07). The root cause is an expression-language injection in the deploySelectBootrom handling (beanName parameter) that allows an attacker to execut...
CVE-2018-7147
CVE-2018-7147 entry is rejected/not used as explicitly stated in the Description.
CVE-2019-7147
CVE-2019-7147 describes a buffer over-read in the function crc64ib in crc64.c of NASM (nasmlib) 2.14rc16. A crafted assembly input can trigger segmentation faults, causing denial of service (DoS). Connected docs confirm the vulnerable component and the DoS impact, but do not provide a patch/versi...
Apple Support iOS Application 1.1.1 Unencrypted Third Party Analytics Vulnerability
Apple Support iOS application versions 1.1.1 and below send potentially sensitive information such as mobile carrier, install date and time, number of app launches, device model, iOS version and screen resolution, unencrypted to a third party site Adobe Marketing Cloud. Apple Support iOS...
CVE-2017-7147
CVE-2017-7147 affects the Apple Support app for iOS prior to version 1.2. The issue lies in the Analytics component, which transmits analytics data in cleartext to an Adobe Marketing Cloud server, potentially exposing information such as installation date/time and device details to a remote obser...
About the security content of Apple Support 1.2 for iOS - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...