34 matches found
CVE-2026-7811
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-05 07:11:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml3n2etbf52i... |
CVE-2026-7811 54yyyu code-mcp MCP File server.py is_safe_path path traversal
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/codemcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack...
WordPress StreamWeasels YouTube Integration plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin StreamWeasels YouTube Integration versions <= 1.4.0...
CVE-2025-7811
| creationtimestamp | type | source |
|---|---|---|
| 2025-07-29 07:05:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lv3k6xwna72h... |
CVE-2025-7811
The CVE-2025-7811 is for the WordPress plugin StreamWeasels YouTube Integration. It is a Stored Cross-Site Scripting (XSS) vulnerability via the data-uuid attribute in all versions up to 1.4.0, exploitable by authenticated attackers with contributor-level access and above. The impact is that arbi...
CVE-2025-7811 StreamWeasels YouTube Integration <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-7811
A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-7811
| creationtimestamp | type | source |
|---|---|---|
| 2024-08-15 05:56:29+00:00 | seen | https://t.me/cvedetector/3220... |
CVE-2024-7811 SourceCodester Daily Expenses Monitoring App delete-expense.php sql injection
A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The...
SUSE CVE-2017-7811
Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 56...
Rocky Linux 8 : mingw-expat (RLSA-2022:7811)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7811 advisory. - Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function. CVE-2022-23990 Note that Nessus has not tested for this issue but has instead...
RHEL 8 : mingw-expat (RHSA-2022:7811)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7811 advisory. Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packag...
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7811)
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server. This plugin only works with Tenable.ot. Please visit...
Mozilla Firefox Security Advisory (MFSA2017-21) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2020-7811 Samsung Update Local Privilege Escalation Vulnerability
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication...
CVE-2020-7811
Samsung Update 3.0.2.0 ~ 3.0.32.0 is vulnerable to privilege escalation due to commands crafted by an attacker being executed while the engine deserializes data during inter-process communication. Description and connected sources consistently identify the affected component as Samsung Update, wi...
CVE-2019-7811
Adobe Acrobat and Reader are affected by CVE-2019-7811, an out-of-bounds read vulnerability. Affected versions include 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier. Succes...
Adobe Acrobat and Reader Out-of-Bounds Read (APSB19-18: CVE-2019-7811)
An out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
KLA11481 Multiple vulnerabilities in Adobe Acrobat and Adobe Reader
Multiple vulnerabilities were found in Adobe Acrobat & Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out-of-bounds read vulnerability in Adobe Acrobat and Reader can be exploited ...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this...