20 matches found
Zabbix 7.4.x < 7.4.7 Arbitrary PHP Class Instantiation (ZBX-27641)
The version of Zabbix Server installed on the remote host is affected by a vulnerability. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time. Note that Nessus...
CVE-2026-23923
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-25 14:35:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mhvcqd54ze2r... |
CVE-2026-23923
A flaw was found in Zabbix. An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. This could lead to a limited impact on the availability of the system, depending on the environment setup. Mitigation Mitigation for this issue is eithe...
CVE-2026-23923
An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...
CVE-2026-23923
An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classes. The impact depends on environment setup but appears limited at this time...
CVE-2025-23923
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wackey Lockets lockets allows Reflected XSS. This issue affects Lockets: from n/a through = 0.999...
Linux Distros Unpatched Vulnerability : CVE-2023-23923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The vulnerability was found in Moodle and exists due to insufficient limitations on the start page preference. A remote attacker can set that preference for...
CVE-2025-23923
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-03 15:17:50+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtmnqigd2c |
| 2025-02-03 16:55:39+00:00 | seen | https://infosec.exchange/users/cve/statuses/113941003601413692... |
CVE-2025-23923 WordPress Lockets Plugin <= 0.999 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wackey Lockets lockets allows Reflected XSS. This issue affects Lockets: from n/a through = 0.999...
CVE-2024-23923
| creationtimestamp | type | source |
|---|---|---|
| 2024-09-28 10:18:19+00:00 | seen | https://t.me/cvedetector/6602... |
CVE-2024-23923 Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability
Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...
Moodle 3.11.x < 3.11.12 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of some returnurl...
CVE-2023-23923
The vulnerability was found in Moodle and exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality...
CVE-2023-23923
The vulnerability was found in Moodle and exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality...
CVE-2023-23923
CVE-2023-23923: Moodle contains an Insecure Direct Object Reference (IDOR) vulnerability caused by insufficient restrictions on the user’s start-page preference, enabling a remote attacker to set another user’s start page and gain access to restricted functionality. Several connected sources reit...
Moodle 3.9 <= 3.9.18, 3.11 <= 3.11.11, 4.0 <= 4.0.5, 4.1 < 4.1.1 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities.
CVE-2022-23923 Sandbox Bypass
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object...
CVE-2022-23923
CVE-2022-23923 concerns the jailed Node.js sandbox library. All versions are vulnerable to a sandbox bypass via an exported alert() method that can access the main application; exported methods are stored in the application.remote object. The connected sources provide a POC showing how an attacke...
CVE-2022-23923
All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object...
CVE-2021-23923
The CVE concerns Devolutions Server prior to 2020.3 with a Broken Authentication issue involving Windows domain users. Public documents identify affected software and the vulnerability type but do not provide exploit details, exact root cause, or remediation steps within the supplied sources. Mon...