155 matches found
CVE-2026-2419
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
Oracle Linux 8 : python3.12 (ELSA-2026-2419)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2419 advisory. 3.12.12-2 - Security fix for CVE-2025-13836 Resolves: RHEL-140993 Tenable has extracted the preceding description block directly from the Oracle Linux security...
MiracleLinux 4 : thunderbird-78.14.0-1.0.1.AXS4 (AXSA:2021-2419:18)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2419:18 advisory. Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 CVE-2021-38493 CVEs: CVE-2021-38493 RESERVED This candidate has been...
EulerOS 2.0 SP10 : krb5 (EulerOS-SA-2025-2419)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5...
CVE-2024-2419
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-27 13:18:17+00:00 | seen | Telegram/xSWxkXIpwESnkyVmRpR3chdingAVosTESMRoW85NafkoMN0... |
CVE-2025-2419
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-12 13:33:28+00:00 | seen | MISP/02fb130c-7874-4693-9b66-81ed91a2e996 |
| 2025-08-21 03:19:30+00:00 | seen | MISP/02fb130c-7874-4693-9b66-81ed91a2e996... |
CVE-2025-2419
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It is possible to...
CVE-2025-2419
The CVE-2025-2419 entry concerns code-projects Real Estate Property Management System 1.0. Affected is an unknown function in /InsertFeedback.php, where manipulating the txtName, txtEmail, txtMobile, or txtFeedback parameters enables SQL injection. Attacks are described as remote and publicly dis...
CVE-2025-2419 code-projects Real Estate Property Management System InsertFeedback.php sql injection
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It is possible to...
CVE-2022-2419
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has be...
com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17), com.charlyghislain.keycloak:keycloak-importexport (>=11.0.1 <=21.0.0) +113 more potentially affected by CVE-2024-2419 via org.keycloak:keycloak-services (>=10.0.0 <=22.0.1)
org.keycloak:keycloak-services MAVEN version =10.0.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =4.0, =1.1.1, =0.3.0-20.0.1, =1.3.2-22.0.1 and more Source cves: CVE-2024-2419 Source advisory: OSV:GHSA-MRV8-PQFJ-7GP5...
CVE-2024-2419
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291...
CVE-2024-2419 vulnerabilities
Vulnerabilities for packages: keycloak...
CVE-2024-2419 vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
CVE-2024-2419 Keycloak: path traversal in the redirect validation
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291...
Amazon Linux 2 : nss-softokn (ALAS-2024-2419)
The version of nss-softokn installed on the remote host is prior to 3.90.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2419 advisory. It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the...
CVE-2023-2419
CVE-2023-2419 affects Zhong Bang CRMEB 4.6.0, where the vulnerability is in the videoUpload function of SystemAttachmentServices.php. The root cause is manipulation of the filename argument that enables unrestricted file uploads. The issue can be triggered remotely and the exploit has been public...