17 matches found
CVE-2026-24445
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-24445 EV Energy ev.energy Improper Restriction of Excessive Authentication Attempts
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...
CVE-2026-24445
CVE-2026-24445 affects the WebSocket API used by EV Energy ev.energy. The vulnerability is a lack of rate limiting on authentication attempts in the WebSocket API, which could allow an attacker to perform denial-of-service by suppressing or misrouting charger telemetry and could enable brute-forc...
CVE-2026-24445
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-26 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-07 |
| 2026-02-27 05:36:56+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfsyjzfvne2x |
| 2026-03-02 22:00:14+00:00 | seen | ... |
CVE-2024-24445
OpenAirInterface CN5G AMF oai-cn5g-amf = 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is...
CVE-2021-24445
The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...
CVE-2025-24445 Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-24445
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-21 22:15:44+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbuvx7uxb2j |
| 2025-01-21 23:40:28+00:00 | seen | https://t.me/cvedetector/16038... |
CVE-2024-24445
OpenAirInterface CN5G AMF oai-cn5g-amf = 2.0.0 contains a null dereference in its handling of unsupported NGAP protocol messages which allows an attacker with network-adjacent access to the AMF to carry out denial of service. When a procedure code/presence field tuple is received that is...
CVE-2024-11519 IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
CVE-2023-24445
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2023-24445
CVE-2023-24445 affects Jenkins OpenID Plugin 2.4 and earlier, which improperly determines that a redirect URL after login points to Jenkins, enabling phishing via open redirects. Public documents (NVD, ENISA EUVD, Red Hat, GHSA, OSS OSV, Tenable Nessus) consistently describe this open redirect is...
CVE-2022-24445
...
CVE-2022-24445
CVE-2022-24445 entry is rejected and does not represent an active vulnerability.
CVE-2021-24445
| creationtimestamp | type | source |
|---|---|---|
| 2021-08-16 14:14:32+00:00 | seen | https://t.me/cibsecurity/27353... |
CVE-2021-24445
CVE-2021-24445 affects the WordPress My Site Audit plugin up to version 1.2.4. The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) caused by failure to sanitize/escape the Audit Name field when creating audits, allowing a high-privilege user to inject JavaScript payloads even ...
Adobe Experience Manager 6.2 <= 6.2 SP1-CFP20 / 6.3 <= 6.3.3.8 / 6.4 < 6.4.8.3 / 6.5 < 6.5.7.0 Multiple Vulnerabilities (APSB20-01)
The version of Adobe Experience Manager installed on the remote host is affected by multiple vulnerabilities as referenced in the APSB20-72 advisory, as follows: - AEM's Cloud Service offering, as well as versions 6.5.6.0 and below, 6.4.8.2 and below and 6.3.3.8 and below are affected by a stored...