20 matches found
CVE-2026-24796
Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules. This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162...
CVE-2026-24796 A Out-of-bounds Read vulnerability in CloverHackyColor/CloverBootloader
Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules. This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162...
CVE-2023-24796
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints...
CVE-2021-24796
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
CVE-2025-24796
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
CVE-2025-24796
CVE-2025-24796 affects Collabora Online. When macros are enabled, Collabora Online can download and execute arbitrarily provided binaries inside the jail, potentially bypassing network access restrictions and allowing code execution within the document‑hosted environment. The issue is mitigated b...
CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
CVE-2025-24796 Remote Code Execution within Collabora Online jail with Macros Enabled
Collabora Online is a collaborative online office suite based on LibreOffice. Macro support is disabled by default in Collabora Online, but can be enabled by an administrator. Collabora Online typically hosts each document instance within a jail and is allowed to download content from locations...
CVE-2024-24796
creationtimestamp| type| source ---|---|--- 2024-02-12 09:21:24+00:00| seen| https://t.me/ctinow/182958 2025-05-07 21:22:47+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15431...
CVE-2024-24796
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1...
CVE-2024-24796 WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1...
CVE-2024-24796
CVE-2024-24796 describes a PHP Object Injection (Deserialization of Untrusted Data) vulnerability in the WordPress plugin “MageEventpress” (Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently), affected versions n/a through 4.1.1. Public sources confirm the issue stems from untru...
WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection
Software Event Manager for WooCommerce Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.1.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-24796 Patch priority Medium CVSS severity Medium 8.2 Developer Claim ownership PSID e6a64198a3ef Credits Ngô Thiên An ancorn fr...
CVE-2023-24796
creationtimestamp| type| source ---|---|--- 2023-04-26 16:25:46+00:00| seen| https://t.me/cibsecurity/62890 2024-05-02 21:31:23+00:00| seen| https://t.me/ctinow/216627 2026-03-12 21:02:34+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mgvcd3erof2q...
CVE-2023-24796
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints...
CVE-2023-24796
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints...
CVE-2023-24796
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints...
CVE-2022-24796
creationtimestamp| type| source ---|---|--- 2022-04-01 02:19:13+00:00| seen| https://t.me/cibsecurity/39962...
CVE-2021-24796 My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
CVE-2021-24796
The CVE-2021-24796 entry concerns the WordPress My Tickets plugin (versions before 1.8.31). The vulnerability is an unauthenticated stored Cross-Site Scripting (XSS) arising from improper sanitisation/escaping of the Email field in booked tickets displayed in the Payment admin dashboard. Impacted...