12 matches found
CVE-2023-24518
CVE-2023-24518 is a CSRF vulnerability in Pandora FMS, affecting version 767 and earlier on all platforms. The threat allows an attacker to coerce authenticated users into making unintended requests to a web application they are logged into, potentially enabling actions such as disabling an admin...
CVE-2023-24518 Disabling the administrator's account through cross-site request forgery
A Cross-site Request Forgery CSRF vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms...
CVE-2020-24518
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Security Updates for Microsoft Azure Site Recovery (March 2022)
The Microsoft Azure Site Recovery installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
CVE-2022-24518
creationtimestamp| type| source ---|---|--- 2022-03-09 20:18:20+00:00| seen| https://t.me/cibsecurity/38613...
CVE-2022-24518
Azure Site Recovery Elevation of Privilege Vulnerability...
CVE-2022-24518
CVE-2022-24518 is an Elevation of Privilege issue affecting Microsoft Azure Site Recovery (specifically the VMware-to-Azure recovery scenario). Public documents summarize it as an elevated-privilege vulnerability within Azure Site Recovery components, with remediation delivered through Microsoft ...
CVE-2021-24518 WPFront Notification Bar < 2.0.0.07176 - Authenticated Stored XSS
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...
CVE-2021-24518
The CVE describes an authenticated Stored XSS in the WPFront Notification Bar WordPress plugin prior to version 2.0.0.07176. The vulnerability arises because the plugin does not sanitize/escape its Custom CSS setting, allowing high-privilege users (e.g., admins) to inject XSS payloads even when u...
CVE-2025-24518
CVE-2025-24518 is rejected/not used; this entry does not represent an active vulnerability.
CVE-2025-24518
...
CVE-2020-24518
This CVE entry is rejected/not used per the description; no active vulnerability entry.