SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24703)

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...

CVE-2025-24703

Server-Side Request Forgery SSRF vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery.This issue affects Comment Edit Core – Simple Comment Editing: from n/a through = 3.0.33...

CVE-2021-24703

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwappluginactivate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed...

CVE-2020-24703

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....

CVE-2025-24703

creationtimestamp| type| source ---|---|--- 2025-01-24 21:32:07+00:00| seen| https://infosec.exchange/users/cve/statuses/113885467560504155...

CVE-2025-24703 WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33...

CVE-2025-24703

CVE-2025-24703 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin Comment Edit Core – Simple Comment Editing (DLX Plugins) up to version 3.0.33 . The vulnerability allows SSRF within the affected component, potentially enabling an attacker to induce the server to make requests...

CVE-2025-24703 WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery.This issue affects Comment Edit Core – Simple Comment Editing: from n/a through = 3.0.33...

CVE-2024-11542 IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

CVE-2024-11542

CVE-2024-11542 concerns IrfanView DXF file parsing. Multiple connected sources confirm a memory-corruption vulnerability in the DXF parsing function that can lead to remote code execution. The issue arises from insufficient validation of user-supplied data during DXF parsing, allowing an attacker...

CVE-2024-24703

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25...

CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25...

CVE-2024-24703

CVE-2024-24703 is a Broken Access Control vulnerability in MultiVendorX Marketplace (WooCommerce). The issue arises from a missing authorization check that permits unauthenticated actors to perform data-modifying actions on the WC Marketplace &lt;= 4.0.25. PatchStack lists the vulnerable versions...

CVE-2024-24703 WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25...

CVE-2021-24703

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwappluginactivate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed...

CVE-2021-24703 Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation

The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwappluginactivate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed...

CVE-2021-24703

Summary: CVE-2021-24703 affects the WordPress Download Plugin (pre-1.6.1). The issue is in the dpwap_plugin_activate AJAX action, which lacks capability checks and CSRF verification. As a result, any authenticated user (e.g., subscribers) can activate plugins that are already installed. Impact (a...

CVE-2020-24703

CVE-2020-24703 affects multiple WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0–...

Denial of Service Vulnerability in KsysCall.sys Driver of JM Firewall (CNVD-2018-24703)

Jiangmin Firewall is a network security protection tool designed to address the safety of individual users on the Internet, the product incorporates advanced network access dynamic monitoring technology to thoroughly solve the invasion of hacker attacks, Trojan horse programs and Internet viruses...