67 matches found
CVE-2026-2405
CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...
CVE-2026-2405
creationtimestamp | type | source
---|---|---
2026-04-14 18:07:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjhxvv6sad2t...
CVE-2026-2405
CVE-2026-2405 is a CWE-400 Uncontrolled Resource Consumption vulnerability. According to the documents, a Web Admin flooding the system with POST /helpabout requests can cause excessive troubleshooting ZIP file creation, leading to denial of service. The CVSS 4.0 vector yields a base score of 5.3...
CVE-2025-2405
creationtimestamp | type | source
---|---|---
2025-12-25 14:28:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3masyexhp3y2y
2025-12-25 23:50:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3matxriiqei2u...
CLSA-2025-1751550583 Update of libkcapi
- Backport fixes for kcapi-hasher target option (Related: RHEL-15298)
- Fix kcapi tests in FIPS mode (Resolves: RHEL-2405)...
CVE-2022-2405
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary Popup...
CVE-2022-2405
creationtimestamp | type | source
---|---|---
2025-05-21 19:42:55+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17183...
Launch of Resources from CWA 2402,2403 or 2405 may fail if MSTeams Citrix plugin is installed
Affected versions: CWA release 2402, 2403 or 2405. When launching a published Desktop, users are presented with a grey window momentarily. This then closes but shows connected in Connection Center. Application launches will simply fail, but the below error will be observed in the event logs. In the...
CVE-2024-42427
Dell ThinOS versions 2402 and 2405 contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to elevation of privileges...
PT-2024-29941 · Dell · Dell Thinos
Name of the Vulnerable Software and Affected Versions: Dell ThinOS versions 2402 and 2405 Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. An unauthenticated attacker with physical access coul...
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack...
WordPress Float menu Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Float menu | Type: Plugin | Vulnerable versions: 6.0.1 | Fixed in: 6.0.1 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-2405 | Patch priority: Low | CVSS severity: Low (5.4) | Developer: Claim ownership | PSID: 80605a5ac1fe | Credits: Erwan LR WPScan | Required...
Malicious code in wlwz-2312-2405 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a133fd8ec2d91859ac58de1e8195ef0997c23ef1eeb6cf885a1c5416a153b793 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-391 Malicious code in wlwz-2312-2405 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a133fd8ec2d91859ac58de1e8195ef0997c23ef1eeb6cf885a1c5416a153b793 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Low: perl-HTTP-Daemon
Issue Overview: HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based...
Amazon Linux 2 : perl-HTTP-Daemon (ALAS-2024-2405)
The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2405 advisory. HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which cou...
CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...
CVE-2023-2405
The CVE-2023-2405 entry describes a CSRF vulnerability in the WordPress plugin CRMs and Lead Management by vcita up to version 2.6.2 due to missing nonce validation in vcita-callback.php, enabling unauthenticated attackers to modify settings and inject malicious JavaScript via forged requests if ...
SUSE CVE-2008-2405
Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications...