Lucene search
K

47 matches found

Vulnrichment
Vulnrichment
added 2026/05/07 4:9 p.m.6 views

CVE-2026-7413 Persistent undocumented backdoor access in Yarbo robot

A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated or weakly authenticated access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates...

7.2CVSS5.7AI score0.00577EPSS
Exploits1References2
Circl
Circl
added 2026/05/07 2:0 p.m.12 views

CVE-2026-7413

creationtimestamp| type| source ---|---|--- 2026-05-07 14:00:00+00:00| seen| http://takeonme.org/cves/cve-2026-7413/ 2026-05-07 14:00:00+00:00| seen| http://takeonme.org/cves/cve-2026-7414/ 2026-05-07 14:00:00+00:00| seen| http://takeonme.org/cves/cve-2026-7415/ 2026-05-07 19:36:35+00:00| seen|...

9.8CVSS5.7AI score0.00577EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-7413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde...

9CVSS7.8AI score0.40447EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2016-7413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the wddxstackdestroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a...

9.8CVSS8AI score0.06654EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/09 9:30 a.m.11 views

CVE-2024-7413 Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure

The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has displayerrors on. This makes it possible for unauthenticated attackers to retrieve the...

5.3CVSS6.8AI score0.00482EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/09 9:30 a.m.18 views

CVE-2024-7413 Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure

The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has displayerrors on. This makes it possible for unauthenticated attackers to retrieve the...

5.3CVSS0.00482EPSS
Exploits0References2
CVE
CVE
added 2024/08/09 9:30 a.m.48 views

CVE-2024-7413

The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to 3.8.1 due to allow direct access to bootstrap.php with display_errors enabled. This enables unauthenticated information exposure (full path) that can assist other vulnerabilities; no exploit detai...

5.3CVSS5.1AI score0.00482EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/09 12:0 a.m.9 views

WordPress Obfuscate Email Plugin <= 3.8.1 is vulnerable to Sensitive Data Exposure

Software Obfuscate Email Type Plugin Vulnerable versions = 3.8.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-7413 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 734768c02b8e Credits stealthcopter Required...

5.3CVSS6.6AI score0.00482EPSS
Exploits0References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2022/11/08 12:0 a.m.2 views

Horde Groupware Command Injection (CVE-2017-7413)

A command injection vulnerability exists in Horde Groupware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5AI score0.40447EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.30 views

Slackware: Security Advisory (SSA:2016-267-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.11402EPSS
Exploits7References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.38 views

Mageia: Security Advisory (MGASA-2016-0319)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.11402EPSS
Exploits7References5
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2016:2477-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.11402EPSS
Exploits7References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.36 views

SUSE: Security Advisory (SUSE-SU-2016:2459-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.16482EPSS
Exploits17References19
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.35 views

SUSE: Security Advisory (SUSE-SU-2016:2477-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.11402EPSS
Exploits7References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.45 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2043)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.15484EPSS
Exploits18References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.56 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1865)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.15484EPSS
Exploits16References2
Cvelist
Cvelist
added 2019/02/05 6:0 p.m.16 views

CVE-2019-7413

In the Parallax Scroll aka adamrob-parallax-scroll plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. "parallax" has a spelling change within the PHP filename...

6.1AI score0.00932EPSS
Exploits0References2
CVE
CVE
added 2019/02/05 6:0 p.m.63 views

CVE-2019-7413

CVE-2019-7413 concerns the WordPress plugin “Parallax Scroll” (adamrob-parallax-scroll). All documented sources indicate the vulnerability is a cross-site scripting (XSS) flaw in the shortcode handling: the file includes/adamrob-parralax-shortcode.php allows XSS via the title text, with a noted f...

6.1CVSS6AI score0.00932EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.53 views

PHP 7.0.x < 7.0.11 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.11. It is, therefore, affected by multiple vulnerabilities : - An heap buffer overflow condition exists in the phpmysqlndrowpreadtextprotocolaux function within file ext/mysqlnd/mysqlndwireprotocol....

9.8CVSS8.7AI score0.11402EPSS
Exploits6References7
Debian
Debian
added 2018/06/27 4:20 p.m.11 views

[SECURITY] [DLA 1398-1] php-horde-crypt security update

Package : php-horde-crypt Version : 2.5.0-5+deb8u1 CVE ID : CVE-2017-7413 CVE-2017-7414 Debian Bug : 859635 It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an...

9CVSS8.8AI score0.40447EPSS
Exploits0
Rows per page
Query Builder