65 matches found
Ozette Plugins - Cross-Site Request Forgery
An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...
Exploit for Path Traversal in Jenkins
poc-CVE-2024-...
CVE-2026-23897
creationtimestamp| type| source ---|---|--- 2026-02-04 20:28:59+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3me2pnxyvjp2a...
CVE-2026-23897
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897 Apollo Server is vulnerable to denial of service with `startStandaloneServer`
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
@apollo/server-integration-testsuite (>=5.0.0 <=5.3.0), @commitspark/graphql-api (>=1.0.0-beta.3 <=1.0.0-beta.6) +22 more potentially affected by CVE-2026-23897 via @apollo/server (>=5.0.0 <=5.3.0)
@apollo/server NPM version =5.0.0, =5.0.0, =1.0.0-beta.3, =1.217.0, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.21.0 and more Source cves: CVE-2026-23897 Source advisory: OSV:GHSA-MP6Q-XF9X-FWF7...
4m-node-server (>=0.0.1 <=0.0.8), @2109-t5/server (>=1.0.0 <=1.0.9) +985 more potentially affected by CVE-2026-23897 via apollo-server (>=0.1.5 <=3.9.0)
apollo-server NPM version =0.1.5, =0.0.1, =1.0.0, =0.5.0, =0.0.1, =0.1.1, =0.0.1, =1.0.7, =0.4.0-alpha.0, =10.4.0, =9.0.0, =10.0.0, =11.2.0 and more Source cves: CVE-2026-23897 Source advisory: SNYK:JS-APOLLOSERVER-15208674...
@apollo/server-integration-testsuite (>=5.0.0 <=5.3.0), @commitspark/graphql-api (>=1.0.0-beta.3 <=1.0.0-beta.6) +22 more potentially affected by CVE-2026-23897 via @apollo/server (>=5.0.0 <=5.3.0)
@apollo/server NPM version =5.0.0, =5.0.0, =1.0.0-beta.3, =1.217.0, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.20.2, =2.21.0 and more Source cves: CVE-2026-23897 Source advisory: SNYK:JS-APOLLOSERVER-15208673...
4m-node-server (>=0.0.1 <=0.0.8), @2109-t5/server (>=1.0.0 <=1.0.9) +953 more potentially affected by CVE-2026-23897 via apollo-server (>=2.0.0 <=3.13.0)
apollo-server NPM version =2.0.0, =0.0.1, =1.0.0, =0.5.0, =0.1.0, =0.4.52, =0.0.1, =1.0.7, =0.4.0-alpha.0, =10.4.0, =9.0.0, =10.0.0, =11.2.0 and more Source cves: CVE-2026-23897 Source advisory: OSV:GHSA-MP6Q-XF9X-FWF7...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 P...
CVE-2020-23897
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service DoS via a crafted tga file...
📄 Jenkins 2.441 Arbitrary File Read
Jenkins version 2.441 proof of concept arbitrary file read exploit. ============================================================================================================================================= | Title : Jenkins 2.441 read files Vulnerability | | Author : indoushka | | Tested on :...
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services AWS-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro , according to findings from Synacktiv. "This backdoor features functionalities relying on the installation of two eBPF extended Berkeley...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 Jenkins RCE Arbitrary File Read CVE-2024-2389...
CVE-2025-23897
creationtimestamp| type| source ---|---|--- 2025-01-16 21:19:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv7gq5rys2n...
CVE-2025-23897 WordPress Apply with LinkedIn buttons plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through = 2.3...
CVE-2025-23897
CVE-2025-23897 describes a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin “Apply with LinkedIn buttons.” The Red Hat and NVD entries confirm the issue text and impact as the same DOM-based XSS vulnerability caused by improper input neutralization during web page generation, ...
Exploit for Path Traversal in Jenkins
Exploitation of Vulnerability CVE-2024-23897 in Jenkins...
Exploit for Path Traversal in Jenkins
README You can view...
VulnCheck KEV: CVE-2023-23897
Cross-Site Request Forgery CSRF vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin = 1.7.2 versions...