154 matches found
Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users.
id: CVE-2022-0424
info:
  name: Popup by Supsystic 1.10.9 - Subscriber Email...
EUVD-2026-32276
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
CVE-2026-35087
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
CVE-2026-35089
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can deduce the secure key and obtain admin credentials. This issue was fixed in versions below: - IPx...
CVE-2026-35089
Slican telephone exchanges expose admin credentials because the secure key is generated predictably from exchange properties without authentication. CVE-2026-35089 (and CVE-2026-35087) describe an unauthenticated path to deduce the secure key and gain admin access. Remediations (per affected entr...
Slican Multiple Products Security Vulnerability
Slican IPx, among others, are products of the Polish company Slican. Slican IPx is a series of enterprise communication and IP phone switching systems. Slican CCT is also a series of enterprise communication and IP phone switching systems. Slican MAC is a series of enterprise-level telephone...
PT-2026-43699
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...
MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.56.1.11.8.AXS4 (AXSA:2013-99:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-99:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-0424 Unspecified vulnerability in the Java Runtime Environment (JRE)...
MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.9-2.3.7.1.AXS4 (AXSA:2013-98:02)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2013-98:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-0424 Unspecified vulnerability in the Java Runtime Environment (JRE)...
RHSA-2026:0424
creationtimestamp | type | source
---|---|---
2026-01-12 13:26:42+00:00 | seen | https://gist.github.com/Darkcrai86/3cc9ce8a0ecea48c6749ff66fb3d9cd5...
CVE-1999-0424
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes...
EUVD-2018-0424
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-0424
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a specially crafted file to access data outside of its permission...
CVE-2024-0424
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...
CVE-2022-0424
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users...
CVE-2020-0424
In sendvc of ressend.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9...
Linux Distros Unpatched Vulnerability : CVE-2010-0424
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The editcmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, a...
CVE-2025-0424
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...
CVE-2025-0424
creationtimestamp | type | source
---|---|---
2025-02-18 08:15:59+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ligt24raei2y
2025-02-18 08:41:04+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/4759
2025-02-18 10:57:37+00:00 | seen | https://t.me/cvedetector/18301...
CVE-2025-0424
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting vulnerabilities. An authenticated attacker is able to compromise the sessions of other users on the server by injecting JavaScript code into their...