1368 matches found
EUVD-2025-208695
Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...
CVE-2025-15552
Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15552 Long Session Lifetime in Truesec LAPSWebUI
Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2025-15552 Long Session Lifetime in Truesec LAPSWebUI
Insufficient Session Expiration in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...
CVE-2026-21297 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...
EUVD-2026-11056
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issu...
CVE-2026-27838 wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling self.getobject. In versions up to and including 2.4, ache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API...
WordPress Welldone theme <= 2.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Welldone versions = 2.4...
CVE-2026-1043
The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pmaapikey and pmasenderaddress parameters. This makes it...
CVE-2026-1043 PostmarkApp Email Integrator <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pmaapikey and pmasenderaddress parameters. This makes it...
RHSA-2026:1497 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Bulletin has no description...
Adobe Commerce - Authentication Bypass
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high...
EUVD-2021-34761
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
WordPress TS Poll - Survey, Versus Poll, Image Poll, Video Poll plugin < 2.4.0 - Admin+ SQL Injection vulnerability
WordPress TS Poll - Survey, Versus Poll, Image Poll, Video Poll plugin 2.4.0 - Admin+ SQL Injection vulnerability discovered by Chu Quoc Khanh in WordPress Plugin TS Poll versions 2.4.0...
CVE-2020-36997 BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler SEH chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining...
CVE-2020-36997
CVE-2020-36997 affects BacklinkSpeed 2.4 and describes a buffer overflow that allows an attacker to corrupt the Structured Exception Handler (SEH) chain via a malicious file import. A specially crafted payload file can overwrite SEH addresses, potentially enabling arbitrary code execution and con...
CVE-2025-68899
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through = 2.4...
CVE-2025-68899 WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through = 2.4...
PT-2026-4101
Name of the Vulnerable Software and Affected Versions designthemes Vivagh versions through 2.4 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations A...
MiracleLinux 8 : httpd:2.4 (AXSA:2024-7691:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7691:01 advisory. httpd: modhttp2: CONTINUATION frames DoS CVE-2024-27316 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...