MAL-2025-8146 Malicious code in @kollusietea/consequuntur-necessitatibus-consectetur (npm)

The package @kollusietea/consequuntur-necessitatibus-consectetur was found to contain malicious code...

WordPress Qi Addons for Elementor plugin <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via TypeOut Text Widget vulnerability discovered by zer0gh0st in WordPress Plugin Qi Addons For Elementor versions = 1.9.2...

CVE-2025-8146

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8146

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8146 Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8146 Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-8146

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

CVE-2020-8146

In UniFi Video v3.10.1 for Windows 7/8/10 x64 there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the...

CVE-2019-8146

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding a new customer attribute for stores...

Linux Distros Unpatched Vulnerability : CVE-2014-8146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU...

Security Bulletin: Due to use of International Components for Unicode, IBM Rational ClearQuest is vulnerable to buffer overflow.

Summary Multiple vulnerabilities in International Components for Unicode used within IBM Rational ClearQuest have been addressed CVE-2020-10531, CVE-2011-4599, CVE-2014-8146 Vulnerability Details CVEID:CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C++ is vulnerable to...

CVE-2024-8146

creationtimestamp| type| source ---|---|--- 2024-08-25 10:56:50+00:00| seen| https://t.me/cvedetector/4085...

CVE-2024-8146

The CVE-2024-8146 entry concerns code-projects Pharmacy Management System 1.0. The vulnerability is a SQL injection in the endpoint /index.php?action=editSalesman, triggered by manipulating the id parameter. A remote attacker can exploit it, and public disclosures exist. Exploit details and advis...

CVE-2024-8146 code-projects Pharmacy Management System index.php sql injection

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

CVE-2019-8146

creationtimestamp| type| source ---|---|--- 2024-02-04 15:21:12+00:00| seen| https://t.me/ctinow/178849...

Security Bulletin: IBM DataPower Gateway Virtual Edition uses out of date ICU libraries in open-vm-tools

Summary Open-vm-tools is used only in IBM DataPower Gateway Virtual Edition for communicating with the Hypervisor to perform such tasks as reboot or shutdown of the VM. The limited functionality employed in this use should not expose these CVEs to exploitation; IBM has addressed the CVEs out of a...

Mageia: Security Advisory (MGASA-2015-0286)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:1915-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:1401-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:1401-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...