Lucene search
K

64 matches found

Circl
Circl
•added 2026/03/07 3:15 a.m.•7 views

CVE-2026-2488

creationtimestamp| type| source ---|---|--- 2026-03-07 03:15:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mggue6pzdg2o...

4.3CVSS5.8AI score0.0022EPSS
Exploits0References1
CVE
CVE
•added 2026/03/07 1:21 a.m.•10 views

CVE-2026-2488

CVE-2026-2488 refers to a ProfileGrid plugin vulnerability for WordPress where a missing capability check in pg_delete_msg() allows authenticated users with Subscriber+ privileges to delete arbitrary messages. Affected versions up to and including 5.9.8.1 are exploitable. Wordfence and related fe...

4.3CVSS5.9AI score0.0022EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2025/05/23 3:23 a.m.•10 views

CVE-2023-2488

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

6.1CVSS6.1AI score0.00522EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2025/05/22 9:50 a.m.•11 views

CVE-2011-2488

Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors...

5CVSS6.5AI score0.01442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/22 5:29 a.m.•5 views

CVE-2017-2488

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords...

7.5CVSS7.2AI score0.00593EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/04 12:10 p.m.•28 views

CVE-2025-2488

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting XSS. This issue affects SambaBox: before 5.1...

6.1CVSS5.4AI score0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2025/05/02 12:15 p.m.•5 views

CVE-2025-2488

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Profelis Informatics SambaBox allows Cross-Site Scripting XSS. This issue affects SambaBox: before 5.1...

6.1CVSS5.4AI score0.00255EPSS
Exploits0References4
CVE
CVE
•added 2025/05/02 11:30 a.m.•62 views

CVE-2025-2488

CVE-2025-2488 affects SambaBox by Profelis Informatics. The vulnerability is an XSS due to improper neutralization of input during web page generation, impacting SambaBox versions before 5.1. Technical details across connected sources confirm the affected component (web page generation), root cau...

6.1CVSS5.4AI score0.00255EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
•added 2025/02/05 9:18 p.m.•17 views

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

9.8CVSS7.2AI score0.28724EPSS
Exploits1References1
Talos
Talos
•added 2025/01/14 12:0 a.m.•16 views

Wavlink AC3000 touchlist_sync.cgi main() arbitrary code execution vulnerability

Talos Vulnerability Report TALOS-2024-1999 Wavlink AC3000 touchlistsync.cgi main arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2022-2488 SUMMARY An arbitrary code execution vulnerability exists in the touchlistsync.cgi main functionality of Wavlink AC3000...

9.8CVSS8AI score0.28724EPSS
Exploits1
Circl
Circl
•added 2025/01/08 5:13 p.m.•7 views

CVE-2023-2488

creationtimestamp| type| source ---|---|--- 2025-01-08 17:13:36+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/736...

6.1CVSS6AI score0.00522EPSS
Exploits2References1
OSV
OSV
•added 2024/12/13 2:8 p.m.•8 views

CGA-J27M-2488-V6GM

Bulletin has no description...

9.1CVSS9.2AI score0.03153EPSS
Exploits2
Rosalinux
Rosalinux
•added 2024/10/03 9:6 p.m.•20 views

Advisory ROSA-SA-2024-2488

Software: less 458 OS: rosa-server79 packageevrstring: less-458-10.res7 CVE-ID: CVE-2024-32487 BDU-ID: 2024-03717 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the UNIX-like UNIX text terminal utility Less is related to incorrect handling of quotation marks in the filename.c file. Exploitation of...

8.6CVSS7.6AI score0.00628EPSS
Exploits0
Circl
Circl
•added 2024/03/15 10:21 a.m.•5 views

CVE-2024-2488

creationtimestamp| type| source ---|---|--- 2024-03-15 10:21:49+00:00| seen| https://t.me/ctinow/208593 2024-03-15 10:26:44+00:00| seen| https://t.me/ctinow/208598 2024-03-16 20:50:42+00:00| published-proof-of-concept| https://t.me/arpsyndicate/4252...

9CVSS7.3AI score0.01534EPSS
Exploits1References3
CVE
CVE
•added 2024/03/15 9:0 a.m.•62 views

CVE-2024-2488

CVE-2024-2488 affects Tenda AC18 (firmware 15.03.05.05). The issue is a stack-based buffer overflow in the startIP parameter of the function formSetPPTPServer in /goform/SetPptpServerCfg . It can be exploited remotely and has been publicly disclosed, with potential impact on confidentiality, inte...

9CVSS8.9AI score0.01534EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
•added 2023/06/05 1:38 p.m.•8 views

CVE-2023-2488 Stop Spammers Security < 2023 - Reflected XSS

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

6.2AI score0.00522EPSS
Exploits2References1
CVE
CVE
•added 2023/06/05 1:38 p.m.•71 views

CVE-2023-2488

The CVE refers to the WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms, with versions prior to 2023 vulnerable to a Reflected XSS due to insufficient sanitisation/escaping of parameters when rendering admin dashboard pages. The impact targets high-privilege users (e.g.,...

6.1CVSS6AI score0.00522EPSS
Exploits2References1Affected Software1
OpenVAS
OpenVAS
•added 2023/03/08 12:0 a.m.•21 views

Debian: Security Advisory (DLA-313-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6CVSS6.5AI score0.00568EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
•added 2022/11/06 12:0 a.m.•11 views

Wavlink Routers Command Injection (CVE-2022-2486; CVE-2022-2488)

A command injection vulnerability exists in Wavlink Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.9AI score0.28724EPSS
Exploits2
Circl
Circl
•added 2022/07/20 4:20 p.m.•24 views

CVE-2022-2488

creationtimestamp| type| source ---|---|--- 2022-07-20 16:20:00+00:00| seen| https://t.me/cibsecurity/46642 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26 2025-01-31 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-31...

9.8CVSS7.3AI score0.28724EPSS
In wildExploits1References4
Rows per page
Query Builder