18 matches found
CVE-2025-24768
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-09 16:56:28+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17720... |
CVE-2025-24768
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion. This issue affects Nitan: from n/a through <= 2.9...
CVE-2025-24768
CVE-2025-24768 affects the WordPress theme “snstheme Nitan” (versions n/a through 2.9). The issue is described as an Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion) that enables PHP Local File Inclusion. Public sources consistently cite this as a local file ...
CVE-2025-24768 WordPress Nitan theme <= 2.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion. This issue affects Nitan: from n/a through <= 2.9...
CVE-2025-24768 WordPress Nitan theme <= 2.9 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion. This issue affects Nitan: from n/a through <= 2.9...
WordPress Nitan Theme <= 2.9 is vulnerable to Local File Inclusion
| Field | Value |
|---|---|
| Software | Nitan |
| Type | Theme |
| Vulnerable versions | <= 2.9 |
| Fixed in | N/A |
| OWASP Top 10 | A3: Injection |
| Classification | Local File Inclusion |
| CVE | CVE-2025-24768 |
| Patch priority | High |
| CVSS severity | High 8.1 |
| Developer | Claim ownership |
| PSID | ec6d95e09a1c |
| Credits | Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity |
| Require... | |
CVE-2024-11800
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this...
CVE-2024-11800 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this...
CVE-2024-11800
The CVE-2024-11800 issue affects Fuji Electric Tellus Lite V-Simulator 5 V8. It stems from parsing of V8 files in the V-Simulator 5 component, where lack of proper validation of user-supplied data length leads to a stack-based buffer overflow. This can allow an attacker to execute arbitrary code ...
CVE-2024-11800 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this...
CVE-2024-24768
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6...
CVE-2024-24768
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-05 14:41:34+00:00 | published-proof-of-concept | https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h |
| 2024-02-05 16:31:20+00:00 | seen | https://t.me/ctinow/179314 |
| 2024-02-29 09:27:11+00:00 | seen | https://t.me/ctinow/196401... |
CVE-2022-24768
| creationtimestamp | type | source |
|---|---|---|
| 2022-03-24 01:28:56+00:00 | seen | https://t.me/cibsecurity/39461... |
CVE-2022-24768
CVE-2022-24768 affects Argo CD, an RBAC-controlled GitOps tool for Kubernetes, via an improper access control bug that can enable admin-level privilege escalation for an authorized user who already has push access to an Application’s source repository or has sync and override access. Exposures va...
CVE-2022-24768 Improper access control allows admin privilege escalation in Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5...
CVE-2021-24768
| creationtimestamp | type | source |
|---|---|---|
| 2021-11-29 12:33:07+00:00 | seen | https://t.me/cibsecurity/33015... |
CVE-2021-24768 WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-24768
CVE-2021-24768 affects the WordPress WP RSS Aggregator plugin prior to 4.19.2. The issue is improper sanitisation/escaping of the URL to the Blacklist field, allowing malicious HTML to be stored by high-privilege users even when unfiltered_html is disallowed, enabling stored Cross-Site Scripting ...