122 matches found
Phoenix Contact Multiple Products Security Vulnerabilities
PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have security...
Exploit for CVE-2025-2304
No d...
Exploit for CVE-2025-2304
CVE-2025-2304 - Camaleon CMS 2.9.0 - Privilege Escalation Expl...
Exploit for CVE-2025-2304
CVE-2...
Exploit for CVE-2025-2304
CVE-2025-2304 Exploit Camaleon CMS Vulnerable to Privilege Es...
Exploit for CVE-2025-2304
c...
EUVD-2026-2304
In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot. Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggling KVM_MEM_GUEST_MEMFD on...
CVE-2019-2304
Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructu...
CVE-2024-2304
The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2019-15211
Malware in sbrugna...
EUVD-2023-33764
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-2304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily...
CVE-2023-2260
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304...
CVE-2005-2304
Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service crash via an image with an ICC Profile with a large Tag Count...
CVE-2025-2304
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
CVE-2025-2304
creationtimestamp | type | source
---|---|---
2025-03-14 13:40:23+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lkdqechp2b2a
2025-03-14 13:47:11+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7546
2025-03-14 15:02:35+00:00 | seen | ...
CVE-2025-2304
CVE-2025-2304 describes a mass-assignment vulnerability in Camaleon CMS where the updated_ajax action in UsersController uses params.require(:user).permit! and thus accepts unfiltered keys. Exploitation paths documented in connected sources show an authenticated user can inject password[role]=adm...
CVE-2025-2304 Camaleon CMS Privilege Escalation
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
Linux Distros Unpatched Vulnerability : CVE-2022-2304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. CVE-2022-2304 Note that Nessus relies on the presence of the package as reported by the...