20 matches found
CVE-2026-23858

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-24 21:20:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfn3uli7zs2v... |

RHEL 8 : rsync (RHSA-2025:23858)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23858 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...
CVE-2023-23858
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with...
CVE-2022-23858
A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...
CVE-2021-23858
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...
CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS. This issue affects Custom Users Order: from n/a through <= 4.2...
CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS. This issue affects Custom Users Order: from n/a through <= 4.2...
CVE-2025-23858
CVE-2025-23858 concerns the WordPress plugin Custom Users Order (versions n/a through 4.2). Multiple sources describe an improper neutralization of input during web page generation that enables Reflected XSS. The affected component is the plugin’s input handling/output rendering, with the root ca...
CVE-2024-23858

| creationtimestamp | type | source |
|---|---|---|
| 2024-01-26 10:31:27+00:00 | seen | https://t.me/ctinow/174114 |
| 2024-02-19 14:51:43+00:00 | seen | https://t.me/ctinow/187711... |

CVE-2024-23858 Cross-Site Scripting (XSS) vulnerability in Cups Easy
A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this...
CVE-2024-23858
CVE-2024-23858 concerns Cups Easy (Purchase & Inventory) v1.0, where the batchno parameter in the /cupseasylive/stockissuancelinecreate.php endpoint is not sufficiently encoded, enabling a Cross-Site Scripting (XSS) vulnerability. The flaw could allow a remote attacker to lure an authenticated us...
CVE-2023-23858

| creationtimestamp | type | source |
|---|---|---|
| 2023-02-14 07:30:27+00:00 | seen | https://t.me/cibsecurity/58054... |

CVE-2023-23858
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with...
CVE-2023-23858
CVE-2023-23858 affects SAP NetWeaver AS for ABAP and ABAP Platform (versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790). Root cause: insufficient input validation that allows an unauthenticated attacker to craft a URL which, when clicked by a user, may direct the user to an external l...
CVE-2022-23858

| creationtimestamp | type | source |
|---|---|---|
| 2022-01-24 07:21:40+00:00 | seen | https://t.me/cibsecurity/36097... |

CVE-2022-23858
The CVE-2022-23858 issue affects StarWind Command Center (REST API) where an improperly handled REST call allows any logged-in user to elevate privileges to the system account. Affected: StarWind Command Center build 6003 v2. Root cause: improper handling of REST API calls leading to privilege es...
CVE-2021-23858

| creationtimestamp | type | source |
|---|---|---|
| 2021-10-04 22:25:06+00:00 | seen | https://t.me/cibsecurity/29926... |

CVE-2021-23857 Login with hash
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system...
CVE-2021-23858
CVE-2021-23858 describes an information-disclosure vulnerability affecting Bosch Rexroth IndraMotion MLC devices. An unprotected web server resource exposes the main configuration (including users and hashed passwords) and another unprotected resource exposes device details (serial number and fir...
CVE-2021-23858 Information disclosure
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...