32 matches found
CVE-2026-9451
Summary (CVE-2026-9451): Code-Projects Employee Management System 1.0 contains a vulnerability in the /process/applyleaveprocess.php handling of the ID parameter, enabling SQL injection. The issue is remote and has PoC exploitation notes in the entry. The CVSS-derived metrics indicate a medium se...
WordPress Smartcat Translator for WPML plugin <= 3.1.72 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Smartcat Translator for WPML versions <= 3.1.72...
MAL-2025-9451 Malicious code in @taktikangea/nesciunt-est-ex-alias (npm)
The package @taktikangea/nesciunt-est-ex-alias was found to contain malicious code...
PT-2024-9451 · Microsoft · Windows Ip Routing Management Snapin +1
Name of the Vulnerable Software and Affected Versions: Windows IP Routing Management Snapin (affected versions not specified). Description: The issue is related to a remote code execution vulnerability in the Windows IP Routing Management Snapin. It is caused by incorrect restriction of the path nam...
Oracle Linux 9 : python3.12 (ELSA-2024-9451)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9451 advisory. 3.12.5-2.1: Security fix for CVE-2024-6232. Resolves: RHEL-57415. Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2024-9451
creationtimestamp | type | source
---|---|---
2024-10-09 11:27:54+00:00 | seen | https://t.me/cvedetector/7443...
CVE-2024-9451 Embed PDF Viewer <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via height and width Parameters
The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Embed PDF Viewer Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Embed PDF Viewer; Type: Plugin; Vulnerable versions: <= 2.4.4; Fixed in: 2.4.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9451; Patch priority: Low; CVSS severity: Low 6.5; PSID: f682b615e5b7; Credits: tjoffe; Required privile...
Debian: Security Advisory (DLA-715-1)
The remote host is missing an update for the Debian...
Mageia: Security Advisory (MGASA-2016-0413)
The remote host is missing an update for the...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9451)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9451 advisory. - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Maxim Levitsky) Orabug: 33226010, CVE-2021-3653 - Revert KVM: nSVM:...
CVE-2020-9451
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a not yet created log file to...
CVE-2020-9451
CVE-2020-9451 affects Acronis True Image 2020 (v24.5.22510). The issue arises in anti_ransomware_service.exe, which logs to a folder writable by unprivileged users. Logs are created in a predictable pattern, enabling an unprivileged user to create a hardlink from a not-yet-created log file to ant...
CVE-2015-9451
creationtimestamp | type | source
---|---|---
2019-10-08 15:49:32+00:00 | seen | https://t.me/cibsecurity/7271...
CVE-2015-9451
The CVE-2015-9451 entry concerns the WordPress plugin plugmatter-optin-feature-box-lite (before 2.0.14). The vulnerability is an SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter, affecting unauthenticated users and potentially enabling unauthorized access to ...
CVE-2015-9451
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter...
CVE-2019-9451
CVE-2019-9451 affects the Android kernel touchscreen driver. The flaw is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges. Exploitation is not dependent on user interaction. The available documents do not specify a pa...
CVE-2018-9451
CVE-2018-9451 affects Android, where DynamicRefTable::load in ResourceTypes.cpp has a missing bounds check causing an out-of-bounds read. This leads to local information disclosure without requiring user interaction. Vulnerable Android versions include 6.0–8.1; patch availability is tied to Andro...
Security Bulletin: Multiple vulnerabilities in Drupal Core affect IBM API Management (CVE-2016-9449, CVE-2016-9450, CVE-2016-9451, CVE-2016-9452)
Summary: Drupal is used by the Advanced Developer Portal in IBM API Management. IBM API Management has updated the level of Drupal it provides to address the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-9449 DESCRIPTION: Drupal Core could allow a remote authenticated attacker to obtain...
CVE-2017-9451
Cross-site scripting (XSS) vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs...