56 matches found
CVE-2026-24386
creationtimestamp | type | source
---|---|---
2026-01-22 17:30:56+00:00 | seen | https://gist.github.com/Darkcrai86/80ea23442b9839b52adf8b8b0cd94763
2026-01-22 19:53:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mczxmrj3tl2n...
CVE-2026-24386
CVE-2026-24386 describes a Missing Authorization vulnerability in the WordPress plugin “Element Invader – Template Kits for Elementor” (versions n/a through 1.2.4). The root cause is incorrectly configured access control, enabling unauthorized access to protected actions/files within elementinvad...
CVE-2026-24386 WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4...
CVE-2021-24386
The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such upload to...
CVE-2025-24386
Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privilege...
CVE-2025-24386
creationtimestamp | type | source
---|---|---
2025-03-28 02:28:00+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9247
2025-03-28 04:03:36+00:00 | seen | Telegram/HLtrfGg4M1aUeJImJnceuXbeT8M976JM0quDSG2ytouQns
2025-03-28 05:12:11+00:00 | seen | https://t.me/cvedetector/21360...
Linux Distros Unpatched Vulnerability : CVE-2020-24386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters,...
CVE-2024-24386
creationtimestamp | type | source
---|---|---
2024-02-15 09:26:47+00:00 | seen | https://t.me/ctinow/185362
2024-02-16 04:14:29+00:00 | published-proof-of-concept | Telegram/vOnFw-tbLHXYYB-E0PtL8udwSbsTwJfbnnja3dosVpsMw
2024-02-16 04:19:21+00:00 | published-proof-of-concept | https://t.me/CNArsenal/1986...
CVE-2024-24386
CVE-2024-24386 affects VitalPBX v3.2.4-5. An attacker can run arbitrary code via a crafted payload to /var/lib/vitalpbx/scripts, caused by insufficient protection when processing a script from that directory (per PT-Security/Red Hat/NVD entries). Impact is high: remote code execution. Remediation...
CVE-2023-24386
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions...
CVE-2023-24386
The CVE refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Karishma Arora AI Contact Us Form” versions <= 1.0. The issue is described as Auth. (admin+) XSS, indicating that authenticated users with admin-level privileges can exploit it. The root cause document...
CVE-2023-24386 WordPress AI Contact Us Form Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions...
SUSE CVE-2020-24386
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages and path disclosure...
WordPress AI Contact Us Form Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: AI Contact Us Form
Type: Plugin
Vulnerable versions: <= 1.0
Fixed in: N/A
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-24386
Patch priority: Low
CVSS severity: Low (5.9)
PSID: 673ba1e565e3
Credits: Aswin Balaji
Required...
NewStart CGSL MAIN 6.02 : dovecot Multiple Vulnerabilities (NS-SA-2022-0057)
The remote NewStart CGSL host, running version MAIN 6.02, has dovecot packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters,...
CVE-2022-24386
creationtimestamp | type | source
---|---|---
2022-03-14 15:18:08+00:00 | seen | https://t.me/cibsecurity/38857...
CVE-2022-24386
Stored XSS vulnerability in SmarterTools SmarterTrack 100.0.8019.14010. Root cause: improper handling of input leading to stored XSS in the application. Affected software/component: SmarterTrack v100.0.8019.14010. Exploitation details are not provided in the sources; no confirmed remediation/fix ...
CVE-2022-24386 Stored XSS in SmarterTrack v100.0.8019.14010
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...