
130 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m., 4 views

RHCOS 4 : OpenShift Container Platform 4.3.25 openshift (RHSA-2020:2440)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2440 advisory. - kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information (CVE-2020-8555) Note that...

CVSS 6.3, AI score 7.3, EPSS 0.08633
Exploits 0, References 5

EUVD
added 2026/01/14 12:0 a.m., 1 views

EUVD-2026-2440

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

CVSS 7.5, AI score 7.1, EPSS 0.00125
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-2440

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00117
Exploits 1, References 5

RedhatCVE
added 2025/05/22 4:36 a.m., 4 views

CVE-2010-2440

Stack-based buffer overflow in st-wizard.exe in Subtitle Translation Wizard 3.0 allows user-assisted remote attackers to execute arbitrary code via a crafted SRT file with a long line after a time range. NOTE: some of these details are obtained from third party information...

CVSS 9.3, AI score 8.3, EPSS 0.07689
Exploits 1, References 1

RedhatCVE
added 2025/05/21 7:35 p.m., 5 views

CVE-2009-2440

Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

CVSS 4.3, AI score 5.9, EPSS 0.00997
Exploits 1, References 1

RedhatCVE
added 2025/04/11 10:48 a.m., 11 views

CVE-2025-2440

CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode...

CVSS 4.2, AI score 6.4, EPSS 0.00223
Exploits 0, References 1

Circl
added 2025/04/09 10:47 a.m., 4 views

CVE-2025-2440

creationtimestamp | type | source
---|---|---
2025-04-09 10:47:56+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11039
2025-04-09 14:15:54+00:00 | seen | https://t.me/cvedetector/22554
2025-04-17 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-107-01...

CVSS 4.2, AI score 4.8, EPSS 0.00223
Exploits 0, References 3

Cvelist
added 2025/04/09 10:20 a.m., 12 views

CVE-2025-2440

CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode...

CVSS 4.2, EPSS 0.00223
Exploits 0, References 1

Vulnrichment
added 2025/04/09 10:20 a.m., 6 views

CVE-2025-2440

CWE-922: Insecure Storage of Sensitive Information vulnerability exists that could potentially lead to unauthorized access of confidential data when a malicious user, having physical access and advanced information on the file system, sets the radio in factory default mode...

CVSS 4.2, AI score 6.3, EPSS 0.00223
Exploits 0, References 1

ATTACKERKB
added 2024/08/29 11:15 a.m., 1 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

CVSS 7.2, AI score 6, EPSS 0.00641
Exploits 0, References 4

Cvelist
added 2024/08/29 3:30 a.m., 14 views

CVE-2022-2440 Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

CVSS 7.2, EPSS 0.00641
Exploits 0, References 3

Patchstack
added 2024/08/29 12:0 a.m., 8 views

WordPress Theme Editor Plugin <= 2.8 is vulnerable to PHP Object Injection

Software: Theme Editor; Type: Plugin; Vulnerable versions: <= 2.8; Fixed in: 2.9; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2022-2440; Patch priority: Low; CVSS severity: Low 5.5; Developer: Claim ownership; PSID: b13ac324d817; Credits: Rasoul Jahanshahi; Required privilege: Administrator...

CVSS 7.2, AI score 6.9, EPSS 0.00641
Exploits 0, References 3, Affected Software 1

CVE
added 2024/04/19 5:2 p.m., 90 views

CVE-2024-2440

A race condition in GitHub Enterprise Server allowed an existing admin to retain permissions on a detached repository by issuing a GraphQL mutation to alter repository permissions while the repository was detached. Affected: all GitHub Enterprise Server versions prior to 3.13. Fixes are available...

CVSS 5.9, AI score 6.6, EPSS 0.00142
Exploits 0, References 4, Affected Software 1

Cvelist
added 2024/04/19 5:2 p.m., 16 views

CVE-2024-2440 Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVSS 5.5, AI score 5.7, EPSS 0.00142
Exploits 0, References 4

Hacker One
added 2024/02/07 9:25 a.m., 14 views

GitHub: RC Between GitHub's Repo Update REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...

CVSS 5.5, AI score 5.3, EPSS 0.00142
Exploits 0

NVD
added 2023/11/22 4:15 p.m., 9 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

CVSS 8.8, EPSS 0.00114
Exploits 0, References 2

OSV
added 2023/11/22 4:15 p.m., 1 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

CVSS 8.8, AI score 7.2, EPSS 0.00114
Exploits 0, References 2

CVE
added 2023/11/22 3:33 p.m., 88 views

CVE-2023-2440

CVE-2023-2440 (UserPro WordPress Plugin) affects versions up to 5.1.1 and is a CSRF vulnerability due to missing nonce validation in admin_page, userpro_verify_user, and verifyUnverifyAllUsers. This allows unauthenticated attackers to modify verified users’ roles, potentially elevating privileges ...

CVSS 8.8, AI score 8.3, EPSS 0.00114
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/11/21 12:0 a.m., 8 views

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2440; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 1d6ddaf7ecad; Credits: István Márton; Required...

CVSS 8.8, AI score 7, EPSS 0.00114
Exploits 0, References 2, Affected Software 1

OpenVAS
added 2023/06/15 12:0 a.m., 28 views

Caucho Resin Path Traversal Vulnerability (CVE-2007-2440) - Active Check

Caucho Resin is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:caucho:resin";...

CVSS 5, AI score 6.7, EPSS 0.1041
Exploits 1, References 1