64 matches found
CVE-2026-2488
creationtimestamp| type| source ---|---|--- 2026-03-07 03:15:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mggue6pzdg2o...
CVE-2026-2488
CVE-2026-2488 refers to a ProfileGrid plugin vulnerability for WordPress where a missing capability check in pg_delete_msg() allows authenticated users with Subscriber+ privileges to delete arbitrary messages. Affected versions up to and including 5.9.8.1 are exploitable. Wordfence and related fe...
CVE-2023-2488
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
CVE-2011-2488
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2017-2488
A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords...
CVE-2025-2488
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting XSS. This issue affects SambaBox: before 5.1...
CVE-2025-2488
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting XSS. This issue affects SambaBox: before 5.1...
CVE-2025-2488
CVE-2025-2488 affects SambaBox by Profelis Informatics. The vulnerability is an XSS due to improper neutralization of input during web page generation, impacting SambaBox versions before 5.1. Technical details across connected sources confirm the affected component (web page generation), root cau...
CVE-2022-2488
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...
Wavlink AC3000 touchlist_sync.cgi main() arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2024-1999 Wavlink AC3000 touchlistsync.cgi main arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2022-2488 SUMMARY An arbitrary code execution vulnerability exists in the touchlistsync.cgi main functionality of Wavlink AC3000...
CVE-2023-2488
creationtimestamp| type| source ---|---|--- 2025-01-08 17:13:36+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/736...
CGA-J27M-2488-V6GM
Bulletin has no description...
Advisory ROSA-SA-2024-2488
Software: less 458 OS: rosa-server79 packageevrstring: less-458-10.res7 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the filename.c file. Exploitation of...
CVE-2024-2488
creationtimestamp| type| source ---|---|--- 2024-03-15 10:21:49+00:00| seen| https://t.me/ctinow/208593 2024-03-15 10:26:44+00:00| seen| https://t.me/ctinow/208598 2024-03-16 20:50:42+00:00| published-proof-of-concept| https://t.me/arpsyndicate/4252...
CVE-2024-2488
CVE-2024-2488 affects Tenda AC18 (firmware 15.03.05.05). The issue is a stack-based buffer overflow in the startIP parameter of the function formSetPPTPServer in /goform/SetPptpServerCfg . It can be exploited remotely and has been publicly disclosed, with potential impact on confidentiality, inte...
CVE-2023-2488 Stop Spammers Security < 2023 - Reflected XSS
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
CVE-2023-2488
The CVE refers to the WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms, with versions prior to 2023 vulnerable to a Reflected XSS due to insufficient sanitisation/escaping of parameters when rendering admin dashboard pages. The impact targets high-privilege users (e.g.,...
Debian: Security Advisory (DLA-313-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Wavlink Routers Command Injection (CVE-2022-2486; CVE-2022-2488)
A command injection vulnerability exists in Wavlink Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-2488
creationtimestamp| type| source ---|---|--- 2022-07-20 16:20:00+00:00| seen| https://t.me/cibsecurity/46642 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-01-31 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-31...