15 matches found
MiracleLinux 8 : thunderbird-128.12.0-1.el8_10.ML.1 (AXSA:2025-10437:13)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10437:13 advisory. thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-5986). Tenable has extracted the precedin...
CVE-2025-10437
creationtimestamp | type | source
---|---|---
2025-11-19 13:04:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5ycx36bgt2x...
CVE-2024-10437
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smart Message activation/deactivation due to a missing capability check on the ajaxenable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2024-10437
creationtimestamp | type | source
---|---|---
2024-10-29 12:15:35+00:00 | seen | https://t.me/cvedetector/9274...
CVE-2024-10437 WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smart Message activation/deactivation due to a missing capability check on the ajaxenable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...
WordPress WPC Smart Messages for WooCommerce Plugin <= 4.2.1 is vulnerable to Broken Access Control
Software: WPC Smart Messages for WooCommerce; Type: Plugin; Vulnerable versions: <= 4.2.1; Fixed in: 4.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10437; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0c11597d7fa3; Credits: Francesco...
CVE-2020-10437
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/optimize-database.php by adding a question mark ? followed by the payload...
CVE-2020-10437
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/optimize-database.php by adding a question mark ? followed by the payload...
CVE-2020-10437
CVE-2020-10437 affects Chadha PHPKB Standard Multi-Language 9. The Red Hat records confirm that URIs handled in admin/header.php allow Reflected XSS by injecting a payload after a question mark, affecting admin/add-article.php, admin/trash-box.php, and admin/optimize-database.php via the same pat...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10437
The CVE-2019-10437 vulnerability affects Jenkins CRX Content Package Deployer Plugin versions 1.8.1 and earlier. It is a cross-site request forgery (CSRF) issue in which an attacker can cause a Jenkins instance to connect to an attacker-specified URL using credentials IDs obtained through another...
CVE-2016-10437
CVE-2016-10437 is an information-disclosure vulnerability affecting Android devices with Qualcomm networking components. In affected Android versions prior to 2018-04-05 patch level (and related patches for various Qualcomm SoCs such as Small Cell, Snapdragon Mobile/Wear families and SDR devices ...
CVE-2007-0518
creationtimestamp | type | source
---|---|---
2009-12-14 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/10437...