22 matches found
Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0.18 (openstack-nova) security update
An update for openstack-nova is now available for Red Hat OpenStack Services on OpenShift 18.0.18 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
[SECURITY] [DLA 4486-1] nova security update
Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara February 20, 2026 https://wiki.debian.org/LTS Package : nova Version : 2:22.4.0-1deb11u7 CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud...
Debian: Security Advisory (DSA-6145-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 6145-1] nova security update
Debian Security Advisory DSA-6145-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 19, 2026 https://www.debian.org/security/faq ...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
Linux Distros Unpatched Vulnerability : CVE-2026-24708
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk...
CVE-2026-24708
creationtimestamp| type| source
---|---|---
2026-02-17 15:33:59+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mf2vahie7y2b
2026-02-17 16:39:07+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mf2yuvj3nf2r
2026-02-17 16:59:07+00:00| seen|...
CVE-2020-24708
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form...
CVE-2022-24708
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. ttUser.class.php in Time Tracker versions prior to 1.20.0.5646 was not escaping primary group name for display. Because of that, it was possible for a logged in user to modify primary group name with element...
CVE-2025-24708
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms,...
CVE-2025-24708 WordPress WP Dynamics CRM plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-dynamics-crm allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms,...
CVE-2025-24708
CVE-2025-24708 is a reflected XSS in the WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin. Affected versions are up to 1.1.6. Root cause: improper input neutralization during web page generation. The CVE entry is present in multiple feeds; Patch status ind...
CVE-2024-24708
creationtimestamp| type| source
---|---|---
2024-02-29 03:03:11+00:00| seen| https://t.me/ctinow/196137
2024-03-15 00:31:37+00:00| seen| https://t.me/ctinow/208308
...
CVE-2024-24708
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER. This issue affects W3SPEEDSTER: from n/a through 7.19...
CVE-2024-24708
CVE-2024-24708 is a CSRF vulnerability in the WordPress plugin W3SPEEDSTER (W3SPEEDSTER WP). Affected versions are
WordPress W3SPEEDSTER Plugin <= 7.19 is vulnerable to Cross Site Request Forgery (CSRF)
Software: W3SPEEDSTER; Type: Plugin; Vulnerable versions: <= 7.19; Fixed in: 7.20; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24708; Patch priority: Low; CVSS severity: Low (4.3); PSID: 75264187b158; Credits: Nguyen Xuan Chien...
CVE-2022-24708
The CVE-2022-24708 entry describes a Stored XSS vulnerability in Anuko Time Tracker. The issue occurs in ttUser.class.php where the primary group name was not escaped for display, allowing a logged-in user to inject JavaScript that could execute in their browser on pages displaying the group name...
CVE-2021-24708
The CVE-2021-24708 entry corresponds to the WordPress plugin “Export any WordPress data to XML/CSV” (pre-1.3.1) and describes a stored Cross-Site Scripting (XSS) vulnerability in the Manage Exports UI: the plugin does not escape the Export name before output, enabling high-privilege users to trig...
CVE-2021-24708 WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2020-24708
creationtimestamp| type| source
---|---|---
2020-10-28 23:33:32+00:00| seen| https://t.me/cibsecurity/15702
...