CVE-2026-24524

creationtimestamp| type| source ---|---|--- 2026-01-27 15:56:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdg4p3iu5w2h...

CVE-2023-24524

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability...

CVE-2024-24524

creationtimestamp| type| source ---|---|--- 2024-02-02 09:26:53+00:00| seen| https://t.me/ctinow/178002 2024-02-09 19:17:15+00:00| seen| https://t.me/ctinow/182204 2024-02-25 09:11:24+00:00| seen| https://t.me/ctinow/192781...

CVE-2024-24524

Cross Site Request Forgery CSRF vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the addmenu.php component...

CVE-2024-24524

Cross Site Request Forgery CSRF vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the addmenu.php component...

CVE-2024-24524

This CVE concerns flusity-CMS version 2.33, where a Cross Site Request Forgery (CSRF) in the add_menu.php component can allow remote attackers to execute arbitrary code. The description across multiple sources consistently identifies the vulnerable surface as add_menu.php and the vulnerable appli...

CVE-2020-24524

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

CVE-2023-24524

creationtimestamp| type| source ---|---|--- 2023-02-14 07:30:27+00:00| seen| https://t.me/cibsecurity/58055...

CVE-2023-24524

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability...

CVE-2023-24524

CVE-2023-24524 affects SAP S/4HANA Map Treasury Correspondence Format Data. The accompanying documents describe an missing authorization check for authenticated users, enabling privilege escalation and potential data deletion with high availability impact. The core issue is an authorization gap i...

CVE-2021-24524

creationtimestamp| type| source ---|---|--- 2021-08-23 16:23:16+00:00| seen| https://t.me/cibsecurity/27698...

CVE-2021-24524

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.12.0 did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them...

CVE-2021-24524

The CVE-2021-24524 vulnerability affects the WordPress GiveWP plugin prior to version 2.12.0. The issue is an authenticated stored XSS in the Donation Level setting of Donation Forms, caused by insufficient escaping, enabling a high-privilege user to inject payloads. Impact is described as cross-...

CVE-2020-24524

CVE-2020-24524 entry is rejected/not used per Initial Description.

CVE-2025-24524

According to PT-Security PT-2025-18782, CVE-2025-24524 is one of three critical flaws reported in the Revolution Pi industrial IoT platform, affecting the Node-RED and PiCtory components widely used in manufacturing, energy, and water sectors. The report notes CVSS scores up to 10.0 but does not ...

CVE-2025-24524

...