13 matches found
CVE-2025-24230

| creationtimestamp | type | source |
|---|---|---|
| 2025-04-01 03:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-190/ |
| 2026-04-02 22:14:33+00:00 | seen | Telegram/2E5zGnFDFPvCqW-8Fv5TCu3RrGIbsxTzgaNWgYN4u84o0k... |

CVE-2025-24230
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected...
CVE-2025-24230
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected...
CVE-2025-24230
An out-of-bounds read issue in Apple media handling (triggered by playing a malicious audio file) was fixed via input-validation improvements. Affected: visionOS 2.4; macOS Ventura 13.7.5; tvOS 18.4; iPadOS 17.7.6; iOS 18.4/iPadOS 18.4; macOS Sequoia 15.4; macOS Sonoma 14.7.5. Exploitation status...
CVE-2024-24230
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection SSTI vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime.exec followed by an OS command...
CVE-2024-24230
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection SSTI vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime.exec followed by an OS command...
CVE-2024-24230
Komm.One CMS 10.4.2.14 is affected by a Server-Side Template Injection (SSTI) in the Velocity engine. The underlying issue allows an attacker to craft a URL that uses java.lang.Runtime and getRuntime().exec to execute arbitrary OS commands on the server. This CVE-2024-24230 entry is corroborated b...
CVE-2023-24230

| creationtimestamp | type | source |
|---|---|---|
| 2023-02-10 18:37:42+00:00 | seen | https://t.me/cibsecurity/57911 |
| 2025-03-24 18:23:01+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8493... |

CVE-2023-24230
Formwork v1.12.1 contains a stored XSS in the /formwork/panel/dashboard component, exploitable via the Page title field. Root cause is unsanitized input leading to script/HTML execution. CVSS 3.1 base score 4.8 (Medium) with PR:H, UI:R, scope Changed; impact on confidentiality/integrity is Low. A...
CVE-2020-24230
This CVE entry maps to a CSRF vulnerability in the WordPress Patreon plugin (versions ≤ 1.6.9). The flaw allows an attacker to overwrite or create user meta via CSRF, enabling unauthorized changes to user metadata. Impact is tied to insufficient request authentication for certain actions, as desc...
CVE-2021-24230
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite t...
CVE-2021-24230 Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite t...
CVE-2021-24230
Vulnerability (CVE-2021-24230) is a CSRF in the Patreon WordPress plugin prior to 1.7.0. An authenticated attacker visiting a page could cause a logged-in user to overwrite or create arbitrary user metadata, specifically the wp_capabilities meta, altering the user’s roles and privileges and poten...