26 matches found
CVE-2026-7350 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-7350 vulnerabilities
Vulnerabilities for packages: chromium...
Chromium: CVE-2026-7350 Use after free in WebMIDI
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-7350
CVE-2026-7350 is corroborated across multiple sources (NVD, Debian, CVE lists) as a use-after-free in WebMIDI in Google Chrome prior to 147.0.7727.138. A remote attacker who has compromised the renderer could trigger a sandbox escape via a crafted HTML page. The advisory notes the high severity a...
MiracleLinux 9 : firefox-115.6.0-1.el9_3.ML.1 (AXSA:2024-7350:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7350:02 advisory. Mozilla: Heap-buffer-overflow affecting WebGLDrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in...
Linux Distros Unpatched Vulnerability : CVE-2019-7350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim...
MAL-2025-7350 Malicious code in @crabas0npm/ipsam-minus-ipsam (npm)
The package @crabas0npm/ipsam-minus-ipsam was found to contain malicious code...
AlmaLinux 9 : perl-Module-ScanDeps (ALSA-2025:7350)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:7350 advisory. module-scandeps: local privilege escalation via unsanitized input CVE-2024-10224 Tenable has extracted the preceding description block directly from the AlmaLinux...
CVE-2024-7350 Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This...
WordPress BookingPress Plugin 1.1.6 - 1.1.7 is vulnerable to Broken Authentication
Software BookingPress Type Plugin Vulnerable versions 1.1.6 - 1.1.7 Fixed in 1.1.8 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-7350 Patch priority Low CVSS severity Low 10 Developer Claim ownership PSID a00d0a9226a3 Credits Gibran Abdillah Required...
springbrookclinic.com Open Redirect vulnerability OBB-2384083
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-7350
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to b...
CVE-2020-7350
CVE-2020-7350 affects Rapid7 Metasploit Framework libnotify plugin. Versions before 5.0.85 allow OS command injection via untrusted data in a remote hostname/service name; an attacker must supply a crafted file processed by db_import to trigger code execution on the operator’s terminal. A fix was...
CVE-2020-7350 Metasploit Framework Plugin Libnotify Command Injection
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to b...
Metasploit Libnotify Arbitrary Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit Libnotify Plugin Arbitrary Command Execution', 'Description' = %q This module exploits a shell command injection vulnerability in the...
CVE-2020-7350
creationtimestamp| type| source ---|---|--- 2020-04-16 21:12:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/metasploitlibnotifycmdinjection.rb 2024-10-28 14:37:49+00:00| published-proof-of-concept|...
Metasploit Libnotify Plugin Arbitrary Command Execution
This module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
CVE-2019-7350
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...
CVE-2019-7350
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...
CVE-2019-7350
Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies between 3 and 5 is being generated when a user successfully logs in, and these...