26 matches found
CVE-2026-24470
creationtimestamp | type | source
---|---|---
2026-01-27 00:00:00+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdehaycyat2r
2026-01-27 01:52:57+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdenkz35sv2n...
CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...
CVE-2024-24470
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the updatepost.php component...
CVE-2023-24470
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0...
CVE-2025-24470
An Improper Resolution of Path Equivalence vulnerability CWE-41 in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests...
CVE-2025-24470
CVE-2025-24470 describes an Improper Resolution of Path Equivalence (CWE-41) in FortiPortal. The issue affects FortiPortal versions up to: 7.0.11, 7.2.0–7.2.6, and 7.4.0–7.4.2. An unauthenticated remote attacker can trigger the vulnerability by sending crafted HTTP requests and may retrieve sourc...
CVE-2024-9753
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabili...
CVE-2024-9753 Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerabili...
CVE-2024-24470
creationtimestamp | type | source
---|---|---
2024-02-07 02:16:40+00:00 | seen | https://t.me/ctinow/180472
2024-02-25 13:46:33+00:00 | seen | https://t.me/ctinow/192878...
CVE-2024-24470
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the updatepost.php component...
CVE-2024-24470
CVE-2024-24470 is a CSRF vulnerability in flusity-CMS 2.33 exploitable via update_post.php that can lead to remote arbitrary code execution. Affected component: update_post.php in flusity-CMS v2.33. Root cause: Cross Site Request Forgery. Reported in multiple sources (NVD/Red Hat/etc.). PoC exist...
CVE-2023-24470
ArcSight Logger prior to version 7.3.0 is vulnerable to XML External Entity (XXE) injection (CVE-2023-24470). The root cause is XXE in the product’s XML processing, enabling an attacker to potentially access or exfiltrate data via crafted XML. Public advisories confirm fixes in ArcSight Logger 7....
CVE-2023-24470
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0...