19 matches found
CVE-2026-24609
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion. This issue affects Laurent: from n/a through <= 3.1...
CVE-2026-24609

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-23 23:18:31+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3md4tjzymcq2x... |

CVE-2023-24609
Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...
CVE-2022-24609
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/template_manage.php, an attacker can write an arbitrary shell file...
CVE-2025-24609
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS. This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4...
CVE-2025-24609 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS. This issue affects PORTONE 우커머스 결제: from n/a through <= 3.2.4...
CVE-2025-24609
CVE-2025-24609 is a reflected Cross-Site Scripting vulnerability in the WordPress PortOne PORTONE 우커머스 결제 plugin (PortOne Woocommerce) affecting versions up to 3.2.4. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Exploitation details are n...
CVE-2023-24609

| creationtimestamp | type | source |
|---|---|---|
| 2023-12-22 05:31:58+00:00 | seen | https://t.me/ctinow/158190 |
| 2024-01-03 23:17:20+00:00 | seen | https://t.me/ctinow/162657... |

CVE-2023-24609
Matrix SSL versions 4.x–4.6.0 and Rambus TLS Toolkit are affected by a length-subtraction integer overflow in the TLS 1.3 server ClientHello PSK extension parsing. The overflow can cause an attacked device to compute an SHA-2 hash over at least 65 KB in RAM, leading to heavy CPU load when many cr...
CVE-2022-24609

| creationtimestamp | type | source |
|---|---|---|
| 2022-03-10 20:26:12+00:00 | seen | https://t.me/cibsecurity/38722... |

CVE-2022-24609
CVE-2022-24609 affects Luocms v2.0. The vulnerability is an incorrect access-control flaw that allows an unauthenticated or minimally privileged attacker to write an arbitrary shell file through /admin/templates/template_manage.php. Several connected records describe the root cause as insufficien...
CVE-2021-24609

| creationtimestamp | type | source |
|---|---|---|
| 2021-10-01 21:25:22+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/626... |

CVE-2021-24609 WP Mapa Politico Espana < 3.7.0 - Authenticated Stored XSS
The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
CVE-2021-24609
The CVE covers the WP Mapa Politico Espana WordPress plugin before 3.7.0, where certain settings are not sanitized/escaped before output in attributes, allowing authenticated high-privilege users to perform stored XSS. Mitigation: upgrade to version 3.7.0 or later.
CVE-2020-24609
Savsoft Quiz 5.5 and earlier is affected by CVE-2020-24609 (Stored XSS). The vulnerability resides in the User Registration flow, where an attacker can inject a payload that triggers when the admin visits the Manage Users page, enabling cookie theft. Multiple connected sources corroborate a store...
Savsoft Quiz 5 - Stored Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting
Date: 2020-07-28
Exploit Author: Mayur Parmarth3cyb3rc0p
Vendor Homepage: https://savsoftquiz.com/
Software Link: https://github.com/savsofts/savsoftquizv5.git
Version: 5.0
Tested on: Windows 10
Contact:...