23 matches found
CVE-2024-22146
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
CVE-2025-22146
creationtimestamp | type | source
---|---|---
2025-01-15 20:16:22+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfslgxve3c2n
2025-01-15 20:46:44+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/113834328305491166
2025-01-15 20:49:18+00:00 | seen | ...
CVE-2025-22146
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...
CVE-2025-22146 Improper authentication on SAML SSO process allows user impersonation in sentry
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...
CVE-2025-22146
CVE-2025-22146 affects Sentry’s SAML SSO implementation. The vulnerability allows an attacker to impersonate users and take over accounts on the same Sentry instance by leveraging a malicious SAML Identity Provider; the attacker must know the victim’s email address to exploit it. The SaaS fix was deployed on 2025-01...
CVE-2025-22146 Improper authentication on SAML SSO process allows user impersonation in sentry
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...
CVE-2023-42112
PDF-XChange Editor contains a vulnerability in the EMF file parser that allows an out-of-bounds read, leading to information disclosure. The flaw arises from insufficient validation of EMF data, enabling a remote attacker to cause a read past the end of an allocated object. Exploitation requires ...
CVE-2024-22146
creationtimestamp | type | source
---|---|---
2024-01-31 20:31:28+00:00 | seen | https://t.me/ctinow/177060
2024-02-10 20:46:19+00:00 | seen | https://t.me/ctinow/182639...
CVE-2024-22146
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
CVE-2024-22146
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
CVE-2024-22146 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
CVE-2024-22146
CVE-2024-22146 affects the WordPress plugin Schema & Structured Data for WP & AMP (Magazine3) — versions up to and including 1.25. The root cause is improper input neutralization during web page generation, enabling Stored XSS. A fix exists in version 1.26. Public exploitation details are not pro...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)
Software: Schema & Structured Data for WP & AMP; Type: Plugin; Vulnerable versions: <= 1.25; Fixed in: 1.26; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22146; Patch priority: Low; CVSS severity: Low 6.5; PSID: 017c71c1dfc3; Credits: LVT-tholv2k; Requir...
CVE-2022-22146
creationtimestamp | type | source
---|---|---
2022-02-08 14:36:55+00:00 | seen | https://t.me/cibsecurity/36987...
CVE-2022-22146
CVE-2022-22146 affects TransmitMail (PHP) versions 2.5.0–2.6.1. Public docs identify two issues: (1) a directory traversal vulnerability (CWE-22) that can allow reading arbitrary files, and (2) a cross-site scripting vulnerability (CWE-79) that can inject scripts into a user’s browser. The CVE de...
Elasticsearch ECE 7.13.3 Information Disclosure Vulnerability (CVE-2021-22146)
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
CVE-2021-22146
creationtimestamp | type | source
---|---|---
2021-07-28 11:01:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3937
2024-01-28 06:55:40+00:00 | seen | https://t.me/arpsyndicate/3240...
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Elasticsearch ECE 7.13.3 Database Disclosure
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...