122 matches found
CVE-2024-2470
The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2025-2470)
The remote host is missing an update for the Huawei EulerOS...
Linux Distros Unpatched Vulnerability : CVE-2017-2470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves...
CVE-2024-2470
creationtimestamp | type | source
---|---|---
2025-07-25 01:12:22+00:00 | seen | https://gist.github.com/ferasdour/504aa49686f8e64564249de44cd5eab2...
Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024164 fixes one issue. The following security issue was fixed: CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1243648). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
CVE-2023-2470
The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2011-2470
Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_message parameter...
CVE-2010-2470
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability...
WordPress Service Finder Bookings plugin <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability
Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability discovered by Alyudin Nafiie in WordPress Plugin Service Finder Booking versions <= 5.1...
CVE-2025-2470
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input'...
CVE-2025-2470
creationtimestamp | type | source
---|---|---
2025-04-25 12:09:52+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13406
2025-04-25 13:19:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnncroikpk2a
2025-04-25 13:48:43+00:00 | seen | ...
CVE-2025-2470
CVE-2025-2470 affects the WordPress plugin Service Finder Bookings (versions up to 5.1). The root cause is a missing restriction on user roles in the function nsl_registration_store_extra_input, allowing unauthenticated attackers to register accounts with arbitrary roles (including Administrator)...
CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input'...
CVE-2023-2470
creationtimestamp | type | source
---|---|---
2025-01-10 18:03:36+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1195...
CVE-2024-2470
CVE-2024-2470 affects the WordPress plugin Simple Ajax Chat, with the issue occurring in versions prior to 20240412. The vulnerability stems from insufficient sanitisation/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., administrators), even when unfiltered...
CVE-2024-2470 Simple Ajax Chat < 20240412 - Admin+ Stored XSS
The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Amazon Linux 2 : nss-util (ALAS-2024-2470)
The version of nss-util installed on the remote host is prior to 3.44.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2470 advisory. Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before...
CVE-2023-2470
The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...