17 matches found
CVE-2026-24358

creationtimestamp | type | source
---|---|---
2026-01-26 21:31:41+00:00 | seen | Telegram/WGgPfs0tTcsu8vGF2nd1oLLMUIKZY-ZVTHsjtyQWTLRE8...

EUVD-2021-11272
Malware in sbrugna...
Debian: Security Advisory (DLA-4151-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4151-1] golang-github-gorilla-csrf security update
-------------------------------------------------------------------------- Debian LTS Advisory DLA-4151-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura May 01, 2025 https://wiki.debian.org/LTS -...
Debian dla-4151 : golang-github-gorilla-csrf-dev - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4151 advisory. - -------------------------------------------------------------------------- Debian LTS Advisory DLA-4151-1 [email protected] https://www.debian.org/lts/security...
CVE-2025-24358
gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...
CVE-2025-24358 gorilla/csrf CSRF vulnerability due to broken Referer validation
gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes...
CVE-2025-24358

creationtimestamp | type | source
---|---|---
2025-04-14 02:56:57+00:00 | published-proof-of-concept | https://github.com/gorilla/csrf/security/advisories/GHSA-rq77-p4h8-4crw
2025-04-15 22:28:05+00:00 | seen | https://t.me/cvedetector/22999
2025-05-01 11:14:45+00:00 | published-proof-of-concept | ...

CVE-2022-24358
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2021-24358

creationtimestamp | type | source
---|---|---
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24358.yaml...

Foxit PhantomPDF < 10.1.7 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 10.1.7. It is, therefore, affected by multiple vulnerabilities: - Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and...
CVE-2022-24358
CVE-2022-24358 affects Foxit PDF Reader 11.1.0.52543. The flaw lies in the handling of Doc objects: by performing JavaScript actions, an attacker can trigger a read past the end of an allocated buffer, enabling arbitrary code execution in the context of the current process. User interaction is re...
CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue...
CVE-2021-24358
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue...
Open redirect
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could b...
CVE-2021-24358
WordPress Plus Addons for Elementor Page Builder prior to 4.1.10 is vulnerable to an Open Redirect when a crafted URL is used to pass an unvalidated redirect parameter. The issue arises from failing to validate the redirect target before redirecting, enabling potential abuse for phishing or to le...
CVE-2021-24358 The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue...