MiracleLinux 8 : opencryptoki-3.21.0-10.el8_9.ML.1 (AXSA:2024-7646:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7646:02 advisory. opencryptoki: timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin CVE-2024-0914 Tenable has extracted the preceding description block...

MAL-2025-7646 Malicious code in @crabas0npm2/dolorum-excepturi-temporibus (npm)

The package @crabas0npm2/dolorum-excepturi-temporibus was found to contain malicious code...

MINI-739W-9WGV-7646

Bulletin has no description...

CVE-2025-7646

creationtimestamp| type| source ---|---|--- 2025-08-01 07:47:15+00:00| seen| Telegram/yFl9mA2aTv6PxBTC8vB4Y3Cf5kij5ahrR6RKvfHA-0NuUpY...

CVE-2025-7646

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfilteredhtml...

CVE-2025-7646 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfilteredhtml...

CVE-2025-7646

The CVE-2025-7646 entry concerns The Plus Addons for Elementor Page Builder (Lite) for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s custom script parameter affecting all versions up to 6.3.10. An authenticated attacker with Contributor-level access or higher...

WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 6.3.10...

CVE-2020-7646

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

CVE-2024-7646

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes ingress-nginx (CVE-2024-7646)

Summary A vulnerability in Kubernetes ingress-nginx that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7646 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx Vulnerability Details CVEID:CVE-2024-7646 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an annotation validatio...

RHEL 8 : firefox (RHSA-2024:7646)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:7646 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

GO-2024-3075 CVE-2024-7646 in github.com/kubernetes/ingress-nginx

CVE-2024-7646 in github.com/kubernetes/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the...

CVE-2024-7646

creationtimestamp| type| source ---|---|--- 2024-08-16 21:14:48+00:00| seen| https://t.me/cvedetector/3354 2024-08-17 14:16:54+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8282 2024-08-17 14:46:06+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8283 2024-08-18...

CVE-2024-7646

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...

CVE-2024-31817

In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg...

CVE-2024-31814

TOTOLINK EX200 V4.0.3c.7646B20201211 allows attackers to bypass login through the FormLogin function...

PT-2024-24224 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: An attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. This issue allows unauthorized access to sensitive data. Recommendations: For...

PT-2024-24220 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: A remote code execution issue was discovered, allowing attackers to execute code remotely via the langType parameter in the setLanguageCfg function. Recommendations: For TOTOLINK EX200...