73 matches found
CVE-2026-2252
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-27 09:15:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfteq7yyai2v |
| 2026-02-28 08:03:18+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfvr6onioi26 |
| 2026-03-02 21:20:09+00:00 | seen | ... |
CVE-2018-2252
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...
MiracleLinux 4 : wget-1.12-1.11.AXS4 (AXSA:2014-010:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-010:01 advisory. GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are...
EUVD-2026-2252
In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks. tpm2_get_pcr_allocation() does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause only limited harm...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2025-2252)
The remote host is missing an update for the Huawei EulerOS ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2021-2252
Vulnerability in the Oracle Loans product of Oracle E-Business Suite (component: Loan Details, Loan Accounting Events). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Loans...
CVE-2025-2252
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-25 07:23:56+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8620 |
| 2025-03-25 09:27:27+00:00 | seen | https://t.me/cvedetector/21053 |

...
CVE-2025-2252
CVE-2025-2252 affects the Easy Digital Downloads – eCommerce Payments and Subscriptions plugin for WordPress. The issue allows unauthenticated attackers to disclose private post titles of downloads via edd_ajax_get_download_title(), impacting all versions up to 3.3.6.1. The vulnerability is descr...
Linux Distros Unpatched Vulnerability : CVE-2010-2252
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote...
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-2252)
The remote host is missing an update for the Huawei EulerOS ... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
RHEL 3 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - wget: multiple HTTP client download filename vulnerability [OCERT 2010-001] (CVE-2010-2252) Note that Nessus has not...
RHEL 4 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - wget: multiple HTTP client download filename vulnerability [OCERT 2010-001] (CVE-2010-2252) Note that Nessus has not...
CVE-2024-2252
The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-2252
CVE-2024-2252 refers to a stored XSS in the Droit Elementor Addons plugin for WordPress (versions up to 3.1.5). The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes (e.g., URL) in the plugin’s widgets. Exploitation requires authentication at...
WordPress Droit Elementor Addons Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Droit Elementor Addons
Type: Plugin
Vulnerable versions: <= 3.1.5
Fixed in: N/A
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-2252
Patch priority: Low
CVSS severity: Low (6.5)
PSID: bcd3705192b1
Credits: Francesco Carlucci...
CVE-2023-2252
| creationtimestamp | type | source |
|---|---|---|
| 2024-01-16 17:27:06+00:00 | seen | https://t.me/ctinow/168905 |
| 2024-01-19 11:20:30+00:00 | seen | https://t.me/arpsyndicate/2922 |
| 2024-01-23 23:16:20+00:00 | seen | https://t.me/ctinow/172379 |
| 2024-02-06 11:11:19+00:00 | seen | https://t.me/ctinow/179899 |

...
CVE-2023-2252 Directorist < 7.5.4 - Admin+ LFI
The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...
Amazon Linux 2 : qt5-qtbase (ALAS-2023-2252)
The version of qt5-qtbase installed on the remote host is prior to 5.9.2-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2252 advisory. Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory...
@keystone-6/auth Open Redirect vulnerability
Summary There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed. Impact Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. Mitigations - Don't u...
GHSA-JQXR-VJVV-899M @keystone-6/auth Open Redirect vulnerability
Summary There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed. Impact Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. Mitigations - Don't u...