68 matches found
CVE-2026-2351 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
EUVD-2026-2351
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
EUVD-2025-2351
Malicious code in bioql PyPI...
CVE-2014-2351
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-03 17:02:24+00:00 | seen | Telegram/jCV1mdvzl7VhZthazc0F5lSCFaANoXbtWBpBG6ytigF94M... |
CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...
CVE-2022-2351
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admin dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed...
CVE-2013-2351
Unspecified vulnerability in HP Network Node Manager i NNMi 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...
CVE-2025-2351
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-16 22:45:47+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7724 |
| 2025-03-17 01:35:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkjzbmbijl2x |
| 2025-03-17 02:24:44+00:00 | seen | https://t.me/cvedetector/20... |
CVE-2025-2351 DayCloud StudentManage Login Endpoint adminScoreUrl sql injection
A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploi...
CVE-2025-2351
DayCloud StudentManage 1.0 is affected by an SQL injection in the login endpoint, specifically the /admin/adminScoreUrl file. The vulnerability results from unsafely handling an argument query, allowing remote exploitation without user interaction. No version details are provided for affected or ...
CVE-2024-2351 CodeAstro Ecommerce Site Search action.php sql injection
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to sql injection. The attack can be launched...
CVE-2024-2351
CVE-2024-2351 affects CodeAstro Ecommerce Site 1.0. The flaw is in the action.php of the Search component, where manipulating the arguments cat_id, brand_id, or keyword leads to SQL injection. It can be exploited remotely, and the exploit has been disclosed publicly. Public sources identify the v...
CVE-2023-2351
The CVE-2023-2351 case concerns WP Directory Kit for WordPress. Vulnerable up to 1.2.3 due to missing authorization checks in wdk_admin_action, enabling authenticated users with subscriber-level privileges or higher to modify data, alter plugin settings, import demo data, delete Directory Kit con...
WordPress WP Directory Kit Plugin <= 1.2.3 is vulnerable to Broken Access Control
Software: WP Directory Kit
Type: Plugin
Vulnerable versions: <= 1.2.3
Fixed in: 1.2.4
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2023-2351
Patch priority: High
CVSS severity: High 6.5
PSID: ab7cb35f6371
Credits: Lana Codes
Required privile...
Oracle Enterprise Manager Ops Center UI and Other Patches (January 2022 CPU)
The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory.
- Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking JDBC. The...
Oracle GoldenGate Multiple Vulnerabilities (January 2022 CPU)
The version of Oracle GoldenGate installed on the remote host is affected by the following vulnerabilities as noted in the January 2022 CPU advisory:
- Vulnerability in Oracle GoldenGate component: Build Request Apache Xerces-C++. The supported version that is affected is Prior to 21.4.0.0.0...
CVE-2022-2351
| creationtimestamp | type | source |
|---|---|---|
| 2022-09-16 12:38:55+00:00 | seen | https://t.me/cibsecurity/49863... |
CVE-2022-2351
The CVE-2022-2351 entry applies to the WordPress Post SMTP Mailer/Email Log plugin (versions before 2.1.4). The root cause is failure to escape certain settings before output in the admin dashboard, enabling stored Cross-Site Scripting by high-privilege users even when unfiltered_html is disallow...
de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2015-2351 via org.opencms:opencms-core (>=8.0.1 <=9.5.1)
org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2015-2351 Source advisory: OSV:GHSA-6C8C-F2W2-JVJR...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has remedied vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform, Enterprise Manager for Peoplesoft, Application Testing Suite, Enterprise Manager Ops Center, Enterprise Manager for Storage Management. The vulnerabilities allow a malicious person to...