20 matches found
CVE-2026-24695
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code executio...
CVE-2026-24695
creationtimestamp| type| source
---|---|---
2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
2026-02-27 03:22:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfsr2ihvej2d
2026-02-27 05:00:35+00:00| seen|...
CVE-2022-24695
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...
CVE-2025-24695
creationtimestamp| type| source
---|---|---
2025-01-24 21:17:06+00:00| seen| https://infosec.exchange/users/cve/statuses/113885408502006476...
CVE-2025-24695
Server-Side Request Forgery SSRF vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through <= 3.2.0...
CVE-2025-24695
Server-Side Request Forgery SSRF vulnerability in HasThemes Extensions For CF7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through 3.2.0...
CVE-2025-24695 WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through <= 3.2.0...
CVE-2025-24695
CVE-2025-24695 describes a Server-Side Request Forgery (SSRF) in HasThemes Extensions For CF7. Affected software: Extensions For CF7 (WordPress plugin) up to version 3.2.0. Root cause details are not explicitly described beyond SSRF, and exploitation status is not provided in the given documents....
CVE-2025-24695 WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery. This issue affects Extensions For CF7: from n/a through <= 3.2.0...
Zoom Client for Meetings < 5.17.0 Vulnerability (ZSB-24002)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.17.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-24002 advisory. - Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...
Zoom VDI Meeting Client < 5.17.5 Vulnerability (ZSB-24002)
The version of Zoom VDI Meeting Client installed on the remote host is prior to 5.17.5. It is, therefore, affected by a vulnerability as referenced in the ZSB-24002 advisory. - Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for...
CVE-2024-24695
creationtimestamp| type| source
---|---|---
2024-02-14 01:21:41+00:00| seen| https://t.me/ctinow/184348
2024-03-04 09:11:57+00:00| seen| https://t.me/ctinow/199100...
CVE-2024-24695 Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access...
CVE-2024-24695
CVE-2024-24695 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root cause is improper input validation, which may allow an authenticated user to disclose sensitive information over the network. Documented impact is information disclosure...
CVE-2022-24695
Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...
CVE-2022-24695
CVE-2022-24695 concerns Bluetooth Classic in the Bluetooth Core Specification up to version 5.3, where device information for transceivers in Non-Discoverable mode is not properly concealed. An over-the-air attack could efficiently extract the permanent Bluetooth MAC identifier and device capabil...
CVE-2021-24695
creationtimestamp| type| source
---|---|---
2021-11-08 20:36:05+00:00| seen| https://t.me/cibsecurity/32008...
CVE-2021-24695
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs containing Sensitive Information such as IP Addresses and Usernames...
CVE-2021-24695
Summary: The Simple Download Monitor WordPress plugin (before 3.9.6) stores logs in a predictable location and lacks authentication/authorization, allowing unauthenticated users to download and read logs that contain sensitive information (IP addresses, usernames). What’s affected: WordPress plug...
CVE-2021-24695 Simple Download Monitor < 3.9.6 - Unauthenticated Log Access
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs containing Sensitive Information such as IP Addresses and Usernames...