103 matches found
SUSE CVE-2026-2457
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint. Mattermost Advisory ID:...
CVE-2026-2457 WebSocket Message Spoofing via Permalink Embed Manipulation
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint. Mattermost Advisory ID:...
CVE-2026-2457
creationtimestamp | type | source
---|---|---
2026-02-16 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0173/...
EUVD-2026-2457
TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s...
MINI-5QGV-2457-8WWJ
Bulletin has no description...
EUVD-2017-2457
Malware in sbrugna...
CVE-2023-2457
Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. Chromium security severity: High...
CVE-2021-2457
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: Request Management & Workflow. The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...
CVE-2024-2457
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2457
CVE-2024-2457 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Modal Window – create popup modal window affecting all versions up to and including 5.3.8. The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, enab...
CVE-2024-2457 Modal Window – create popup modal window <= 5.3.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Modal Window Plugin <= 5.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: Modal Window; Type: Plugin; Vulnerable versions: <= 5.3.8; Fixed in: 5.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2457; Patch priority: Low; CVSS severity: Low 6.5; PSID: 09edbec50b76; Credits: Krzysztof Zając; Required...
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2023-2457)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-2457
creationtimestamp | type | source
---|---|---
2023-05-12 22:27:02+00:00 | seen | https://t.me/cibsecurity/64049...
CVE-2023-2457
Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. Chromium security severity: High...
CVE-2023-2457
CVE-2023-2457 is an out-of-bounds write condition in the ChromeOS Audio Server on ChromeOS, linked to heap corruption via a crafted audio file. Affected product: ChromeOS Audio Server within Google Chrome on ChromeOS, with the vulnerability described as present in versions prior to 113....
CVE-2023-2457
Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. Chromium security severity: High...
CVE-2022-2457
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts...
CVE-2022-2457
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts...
CVE-2022-2457
CVE-2022-2457 affects Red Hat Process Automation Manager 7, where the Administration Console is vulnerable to brute-force login attempts due to no limit on failed logins. NVD/V3.1 reports a CRITICAL base score (CVSS:3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Multiple connected documents corrobora...