14 matches found
CVE-2026-24427
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...
CVE-2021-24427
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2025-24427
CVE-2025-24427 affects Adobe Commerce: vulnerable in 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The issue is Improper Access Control allowing a low-privilege attacker to bypass security measures and gain unauthorized write access without user interaction. Connected sources...
CVE-2024-24427
creationtimestamp| type| source ---|---|--- 2025-01-21 23:16:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbycrffgj2x...
CVE-2024-24427
Open5GS has a vulnerability CVE-2024-24427 in the amf_ue_set_suci function, affecting Open5GS ≤ 2.6.4. A reachable assertion can be triggered by a crafted NAS packet, leading to a Denial of Service. The available connected sources consistently describe this issue and the affected version, but no ...
CVE-2024-24427
A reachable assertion in the amfuesetsuci function of Open5GS = 2.6.4 allows attackers to cause a Denial of Service DoS via a crafted NAS packet...
CVE-2024-24427
A reachable assertion in the amfuesetsuci function of Open5GS = 2.6.4 allows attackers to cause a Denial of Service DoS via a crafted NAS packet...
CVE-2023-24427
creationtimestamp| type| source ---|---|--- 2023-01-27 00:46:51+00:00| seen| https://t.me/cibsecurity/56999 2025-04-02 14:33:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10078...
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login...
CVE-2023-24427
CVE-2023-24427 : Jenkins Bitbucket OAuth Plugin (version 0.12 and earlier) does not invalidate the existing session on login, enabling a session-fixation scenario. Public sources consistently describe the issue as a login-session security defect that could allow a malicious actor with social engi...
CVE-2021-24427
The CVE-2021-24427 entry concerns the WordPress W3 Total Cache plugin prior to 2.1.3. The vulnerability arises because the plugin did not sanitise or escape certain CDN settings, allowing high-privilege users to inject JavaScript that is output in pages, leading to an authenticated Stored XSS. Af...
CVE-2020-24427
creationtimestamp| type| source ---|---|--- 2020-11-05 22:50:07+00:00| seen| https://t.me/cibsecurity/15897...
Adobe Acrobat 2017 Security Update (APSB20-67) - Windows
Adobe Acrobat 2017 is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
CVE-2022-24427
This CVE entry is rejected/not used and does not represent an active vulnerability entry.