116 matches found

OSV
added 2026/03/24 3:52 p.m. | 1 views

MAL-2026-2373 Malicious code in my-little-durgham (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebd82bcebf08ed109a462bd365260e6e503b9e10c3645cf696f863a23b4f3614 The package my-little-durgham was found to contain malicious code...

5.8 AI score
Exploits: 0

Circl
added 2026/03/17 3:16 a.m. | 1 views

CVE-2026-2373

creationtimestamp| type| source
---|---|---
2026-03-17 03:16:14+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-2373...

5.3 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:1 a.m. | 6 views

CVE-2022-2373

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

5.3 CVSS | 6.8 AI score | 0.08392 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 4:42 a.m. | 3 views

CVE-2013-2373

The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...

6.4 CVSS | 6.7 AI score | 0.00274 EPSS
Exploits: 0 | References: 1

NVD
added 2025/03/17 11:15 a.m. | 10 views

CVE-2025-2373

A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/employeeid leads to sql injection. The attack can be initiated...

8.8 CVSS | 0.00111 EPSS
Exploits: 1 | References: 5

Circl
added 2025/03/17 10:54 a.m. | 4 views

CVE-2025-2373

creationtimestamp| type| source
---|---|---
2025-03-17 10:54:22+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7751
2025-03-17 13:16:59+00:00| seen| https://t.me/cvedetector/20448
2025-03-17 13:51:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lklcf4fc5...

8.8 CVSS | 6.2 AI score | 0.00111 EPSS
Exploits: 1 | References: 3

CVE
added 2025/03/17 10:31 a.m. | 47 views

CVE-2025-2373

CVE-2025-2373 affects PHPGurukul Human Metapneumovirus Testing Management System 1.0. The vulnerability is a SQL injection in /check_availability.php triggered by manipulating the mobnumber/employeeid parameter due to lack of input validation. It is exploitable remotely, with public disclosure. T...

8.8 CVSS | 6.9 AI score | 0.00111 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/03/17 10:31 a.m. | 8 views

CVE-2025-2373 PHPGurukul Human Metapneumovirus Testing Management System check_availability.php sql injection

A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/employeeid leads to sql injection. The attack can be initiated...

6.5 CVSS | 0.00111 EPSS
Exploits: 1 | References: 5

Vulnrichment
added 2025/03/17 10:31 a.m. | 5 views

CVE-2025-2373 PHPGurukul Human Metapneumovirus Testing Management System check_availability.php sql injection

A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/employeeid leads to sql injection. The attack can be initiated...

6.5 CVSS | 7.5 AI score | 0.00111 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2025/03/03 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2011-2373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is...

7.6 CVSS | 8.6 AI score | 0.03792 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/05/11 12:0 a.m. | 21 views

RHEL 5 : pidgin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pidgin: Out-of-bounds write in purplemarkupunescapeentity triggered by invalid XML CVE-2017-2640 - A deni...

7.9 AI score | 0.06727 EPSS
Exploits: 17 | References: 18

Tenable Nessus
added 2023/05/13 12:0 a.m. | 21 views

RHEL 9 : wireshark (RHSA-2023:2373)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2373 advisory. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes:...

6.3 CVSS | 7.3 AI score | 0.00022 EPSS
Exploits: 1 | References: 8

Circl
added 2023/04/28 6:27 p.m. | 1 views

CVE-2023-2373

creationtimestamp| type| source
---|---|---
2023-04-28 18:27:27+00:00| seen| https://t.me/cibsecurity/63062...

8.8 CVSS | 6.9 AI score | 0.13734 EPSS
Exploits: 1 | References: 1

CVE
added 2023/04/28 2:0 p.m. | 43 views

CVE-2023-2373

CVE-2023-2373 affects Ubiquiti EdgeRouter X Web Management Interface (versions up to 2.0.9-hotfix.6). The vulnerability arises from improper handling of the ecn-up parameter, enabling remote command injection. Exploitation details have been publicly disclosed across multiple sources; no official ...

8.8 CVSS | 7.9 AI score | 0.13734 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/04/28 2:0 p.m. | 12 views

CVE-2023-2373 Ubiquiti EdgeRouter X Web Management Interface command injection

A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. T...

6.5 CVSS | 9.3 AI score | 0.13734 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 5:47 a.m. | 1 views

SUSE CVE-2012-2373

The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition...

4 CVSS | 6.1 AI score | 0.00065 EPSS
Exploits: 1 | References: 4

Circl
added 2022/08/29 10:34 p.m. | 1 views

CVE-2022-2373

creationtimestamp| type| source
---|---|---
2022-08-29 22:34:25+00:00| seen| https://t.me/cibsecurity/49002...

5.3 CVSS | 6 AI score | 0.08392 EPSS
Exploits: 2 | References: 1

NVD
added 2022/08/29 6:15 p.m. | 11 views

CVE-2022-2373

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

5.3 CVSS | 0.08392 EPSS
Exploits: 2 | References: 1

OSV
added 2022/08/29 6:15 p.m. | 0 views

CVE-2022-2373

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Cvelist
added 2022/08/29 5:15 p.m. | 14 views

CVE-2022-2373 Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address...

5.5 AI score | 0.08392 EPSS
Exploits: 2 | References: 1