20 matches found

Circl
added 2026/02/24 9:20 p.m., 9 views

CVE-2026-23858

creationtimestamp | type | source
---|---|---
2026-02-24 21:20:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfn3uli7zs2v...

CVSS 5.4, AI score 4.8, EPSS 0.00183
Exploits 0, References 1

Tenable Nessus
added 2025/12/22 12:0 a.m., 3 views

RHEL 8 : rsync (RHSA-2025:23858)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23858 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...

CVSS 7.5, AI score 7.6, EPSS 0.02224
Exploits 1, References 5

RedhatCVE
added 2025/05/23 5:12 a.m., 8 views

CVE-2023-23858

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with...

CVSS 6.1, AI score 6.8, EPSS 0.0037
Exploits 0, References 1

RedhatCVE
added 2025/05/22 11:56 p.m., 12 views

CVE-2022-23858

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...

CVSS 9, AI score 6.8, EPSS 0.01121
Exploits 0, References 1

RedhatCVE
added 2025/05/22 9:20 p.m., 8 views

CVE-2021-23858

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

CVSS 8.6, AI score 6.6, EPSS 0.01203
Exploits 0, References 1

Vulnrichment
added 2025/04/17 3:48 p.m., 5 views

CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS. This issue affects Custom Users Order: from n/a through = 4.2...

CVSS 7.1, AI score 5.9, EPSS 0.00235
Exploits 0, References 1

Cvelist
added 2025/04/17 3:48 p.m., 13 views

CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiren Patel Custom Users Order custom-users-order allows Reflected XSS. This issue affects Custom Users Order: from n/a through = 4.2...

CVSS 7.1, EPSS 0.00235
Exploits 0, References 1

CVE
added 2025/04/17 3:48 p.m., 44 views

CVE-2025-23858

CVE-2025-23858 concerns the WordPress plugin Custom Users Order (versions n/a through 4.2). Multiple sources describe an improper neutralization of input during web page generation that enables Reflected XSS. The affected component is the plugin’s input handling/output rendering, with the root ca...

CVSS 7.1, AI score 5.9, EPSS 0.00235
Exploits 0, References 1

Circl
added 2024/01/26 10:31 a.m., 6 views

CVE-2024-23858

creationtimestamp | type | source
---|---|---
2024-01-26 10:31:27+00:00 | seen | https://t.me/ctinow/174114
2024-02-19 14:51:43+00:00 | seen | https://t.me/ctinow/187711...

CVSS 8.2, AI score 6.1, EPSS 0.00437
Exploits 0, References 2

Cvelist
added 2024/01/26 9:4 a.m., 10 views

CVE-2024-23858 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this...

CVSS 8.2, AI score 7.2, EPSS 0.00437
Exploits 0, References 1

CVE
added 2024/01/26 9:4 a.m., 37 views

CVE-2024-23858

CVE-2024-23858 concerns Cups Easy (Purchase & Inventory) v1.0, where the batchno parameter in the /cupseasylive/stockissuancelinecreate.php endpoint is not sufficiently encoded, enabling a Cross-Site Scripting (XSS) vulnerability. The flaw could allow a remote attacker to lure an authenticated us...

CVSS 8.2, AI score 5.8, EPSS 0.00437
Exploits 0, References 1, Affected Software 1

Circl
added 2023/02/14 7:30 a.m., 5 views

CVE-2023-23858

creationtimestamp | type | source
---|---|---
2023-02-14 07:30:27+00:00 | seen | https://t.me/cibsecurity/58054...

CVSS 6.1, AI score 6, EPSS 0.0037
Exploits 0, References 1

Vulnrichment
added 2023/02/14 3:15 a.m., 7 views

CVE-2023-23858

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with...

CVSS 6.1, AI score 6.3, EPSS 0.0037
Exploits 0, References 2

CVE
added 2023/02/14 3:15 a.m., 62 views

CVE-2023-23858

CVE-2023-23858 affects SAP NetWeaver AS for ABAP and ABAP Platform (versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790). Root cause: insufficient input validation that allows an unauthenticated attacker to craft a URL which, when clicked by a user, may direct the user to an external l...

CVSS 6.1, AI score 6.2, EPSS 0.0037
Exploits 0, References 2, Affected Software 1

Circl
added 2022/01/24 7:21 a.m., 4 views

CVE-2022-23858

creationtimestamp | type | source
---|---|---
2022-01-24 07:21:40+00:00 | seen | https://t.me/cibsecurity/36097...

CVSS 9, AI score 8.7, EPSS 0.01121
Exploits 0, References 1

CVE
added 2022/01/24 2:1 a.m., 73 views

CVE-2022-23858

The CVE-2022-23858 issue affects StarWind Command Center (REST API) where an improperly handled REST call allows any logged-in user to elevate privileges to the system account. Affected: StarWind Command Center build 6003 v2. Root cause: improper handling of REST API calls leading to privilege es...

CVSS 9, AI score 8.9, EPSS 0.01121
Exploits 0, References 1, Affected Software 1

Circl
added 2021/10/04 10:25 p.m., 5 views

CVE-2021-23858

creationtimestamp | type | source
---|---|---
2021-10-04 22:25:06+00:00 | seen | https://t.me/cibsecurity/29926...

CVSS 8.6, AI score 7.9, EPSS 0.01203
Exploits 0, References 1

Cvelist
added 2021/10/04 5:32 p.m., 14 views

CVE-2021-23857 Login with hash

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system...

CVSS 10, AI score 9.1, EPSS 0.01194
Exploits 0, References 1

CVE
added 2021/10/04 5:32 p.m., 50 views

CVE-2021-23858

CVE-2021-23858 describes an information-disclosure vulnerability affecting Bosch Rexroth IndraMotion Mlc devices. An unprotected web server resource exposes the main configuration (including users and hashed passwords) and another unprotected resource exposes device details (serial number and fir...

CVSS 8.6, AI score 8.6, EPSS 0.01203
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/10/04 5:32 p.m., 26 views

CVE-2021-23858 Information disclosure

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

CVSS 8.6, AI score 9.2, EPSS 0.01203
Exploits 0, References 1