21 matches found
CVE-2026-24138
creationtimestamp| type| source
---|---|---
2026-01-23 01:45:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3md2lbc2zjo24
2026-01-23 03:14:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3md2qauxaxw2t...
CVE-2026-24138
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...
CVE-2020-24138
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...
CVE-2025-24138
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious application may be able to leak sensitive user information...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder; the ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
CVE-2025-24138
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information...
CVE-2025-24138
CVE-2025-24138 is a macOS vulnerability addressed by improved state management. The issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. Description: A malicious application may be able to leak sensitive user information. Technical context from the sources confirms...
CVE-2025-24138
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious application may be able to leak sensitive user information...
Exploit for CVE-2024-24138
CVE-2024-24138: Online Timesheet App SQL Injec...
CVE-2023-24138
creationtimestamp| type| source
---|---|---
2023-02-03 18:20:41+00:00| seen| https://t.me/cibsecurity/57451
2025-03-25 20:24:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8752...
CVE-2023-24138
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hosttime parameter in the NTPSyncWithHost function...
CVE-2023-24138
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hosttime parameter in the NTPSyncWithHost function...
CVE-2023-24138
The CVE-2023-24138 entry concerns TOTOLINK CA300-PoE with firmware V6.2c.884. The vulnerability is a command injection in NTPSyncWithHost via the host_time parameter affecting the NTPSyncWithHost function. Affected component: host_time handling in that function. Impact as per sources: Confidentia...
CVE-2022-24138
creationtimestamp| type| source
---|---|---
2022-07-06 16:20:45+00:00| seen| https://t.me/cibsecurity/45639...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder; the ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of the IOBit suite into the ProgramData folder; the ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
CVE-2022-24138
CVE-2022-24138 affects IOBit Advanced System Care (Asc.exe) 15 and Action Download Center. The root cause is that components are downloaded into the ProgramData folder, which has broad (rwx) permissions for unprivileged users, allowing a low-privilege user to exploit SetOpLock to wait for CreateP...
CVE-2020-24138
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...
CVE-2020-24138
CVE-2020-24138 is a Cross Site Scripting (XSS) vulnerability in WCMS 0.3.2. The issue allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. Connected sources (Red Hat, CNVD, NVD, OSV) all describe the same flaw in WCMS 0.3.2. No concrete explo...
CVE-2021-24138
Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". This requires an admin privileged user...