CVE-2025-9428

creationtimestamp| type| source ---|---|--- 2025-10-21 13:18:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m3pg76vpbo2o...

CVE-2025-9428

CVE-2025-9428 affects Zohocorp ManageEngine Analytics Plus prior to or at version 6171, with an authenticated SQL Injection via the key update API. Impact described across sources as potential unauthorized data exposure and database manipulation (HIGH risk per CVSS references). Public advisories ...

MAL-2025-9428 Malicious code in @taktikangea/hic-labore (npm)

The package @taktikangea/hic-labore was found to contain malicious code...

CVE-2024-9428

The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2019-9428

In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

Linux Distros Unpatched Vulnerability : CVE-2016-9428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote...

Linux Distros Unpatched Vulnerability : CVE-2020-9428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using mor...

CVE-2024-9428

creationtimestamp| type| source ---|---|--- 2024-12-12 07:58:24+00:00| seen| https://t.me/cvedetector/12727...

CVE-2024-9428

The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9428

CVE-2024-9428 affects the Popup Builder WordPress plugin prior to version 4.3.5. The issue arises because the plugin does not sanitise and escape certain settings, enabling stored cross-site scripting by high-privilege users (e.g., admins), including scenarios where unfiltered_html is disallowed ...

CVE-2024-9428 Popup Builder < 4.3.5 - Admin+ Stored XSS

The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2018-9428

creationtimestamp| type| source ---|---|--- 2024-11-20 00:22:02+00:00| seen| https://t.me/cvedetector/11540...

CVE-2018-9428

CVE-2018-9428 : The issue affects Android’s AAudio service (AAudioServiceStreamBase.cpp, startDevice) and is caused by an out-of-bounds write stemming from a use-after-free. This can lead to local arbitrary code execution with high impact (confidentiality, integrity, and availability) as describe...

SUSE CVE-2014-9428

The batadvfragmergepackets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service mesh-node system crash...

SUSE CVE-2020-9428

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing...

Mageia: Security Advisory (MGASA-2015-0077)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2018-0024)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2015-0075)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2015-0070)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9428)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9428 advisory. 10.17-1 - Update to 10.17 Resolves: CVE-2021-32027 Also fixes: CVE-2021-32028 Tenable has extracted the preceding description block directly from the...