27 matches found
CVE-2026-9642
creationtimestamp | type | source
---|---|---
2026-05-26 22:00:38+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmryk2eogi2k
2026-05-26 22:15:19+00:00 | seen | https://bsky.app/profile/potato.software/post/3mmrzeclokg26
2026-05-29 22:07:08+00:00 | seen | ...
MINI-29GX-9642-674X
Bulletin has no description...
CVE-2025-9642
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover...
GitLab 14.10 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-9642)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in GitLab CVE-2025-9642 Note that Nessus has not tested for this issue but has instead relied only on the application...
Linux Distros Unpatched Vulnerability : CVE-2016-9642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted JavaScript file. CVE-2016-9642 Note that Nessus...
MAL-2025-9642 Malicious code in @waitfortea2024/non-beatae-earum (npm)
The package @waitfortea2024/non-beatae-earum was found to contain malicious code...
CVE-2019-9642
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...
CVE-2024-9642
creationtimestamp | type | source
---|---|---
2024-10-26 12:18:43+00:00 | seen | https://t.me/cvedetector/9024...
CVE-2024-9642 Editor Custom Color Palette <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
WordPress Editor Custom Color Palette Plugin <= 3.3.7 is vulnerable to Cross Site Scripting (XSS)
Software: Editor Custom Color Palette; Type: Plugin; Vulnerable versions: <= 3.3.7; Fixed in: 3.3.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9642; Patch priority: Low; CVSS severity: Low (5.9); PSID: d1e22897a97b; Credits: Francesco...
Adobe Illustrator < 24.2.0 Multiple Vulnerabilities (APSB20-37) (macOS)
The version of Adobe Illustrator installed on the remote macOS host is prior to 24.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-37 advisory. - Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vulnerability. Successful exploitation could...
CVE-2020-10923
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A...
Authentication flaw
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A...
CVE-2020-10923
The CVE-2020-10923 vulnerability affects NETGEAR R6700 routers (e.g., firmware around V1.0.4.84_10.0.58). A flaw in the UPnP daemon (listening on TCP 5000) allows network-adjacent attackers to bypass authentication via crafted UPnP messages, potentially enabling root code execution when combined ...
CVE-2019-9642
CVE-2019-9642 affects pydio-core up to version 8.2.2 in the proxy.php module; an unauthenticated request allows evaluating and executing malicious PHP code via a PoC placed on the fourth line of a .php file, with execution triggered through a crafted proxy.php?hash=../../../../../var/lib/pydio/da...
Apple TV < 10.2 Multiple Vulnerabilities
According to its banner, the version of Apple TV on the remote device is prior to 10.2. It is, therefore, affected by multiple vulnerabilities : - An out-of-bounds read error exists in LibTIFF in the DumpModeEncode function within file tifdumpmode.c. An unauthenticated, remote attacker can exploi...
CVE-2016-9642
Removed by vendor...