CVE-2026-24889

creationtimestamp| type| source ---|---|--- 2026-01-28 23:34:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdjgrbuekb2c...

CVE-2024-24889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...

CVE-2022-24889

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...

CVE-2025-24889

creationtimestamp| type| source ---|---|--- 2025-02-13 17:37:20+00:00| seen| https://infosec.exchange/users/cve/statuses/113997790534218207 2025-02-13 18:18:49+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li3cfi2hv32c 2025-02-13 19:10:04+00:00|...

CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...

CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...

CVE-2025-24889

The CVE-2025-24889 issue affects the SecureDrop Client (Workstation) prior to versions 0.14.1 and 1.0.1. A path traversal flaw in the sd-log VM’s log-writing logic allows an attacker who already has code execution on another VM to cause code execution in sd-log by sending a crafted log entry. Thi...

CVE-2024-24889

creationtimestamp| type| source ---|---|--- 2024-02-12 08:21:27+00:00| seen| https://t.me/ctinow/182938...

CVE-2024-24889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...

CVE-2024-24889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...

CVE-2024-24889 WordPress All 404 Pages Redirect to Homepage Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9...

CVE-2024-24889

CVE-2024-24889 affects the WordPress plugin All 404 Pages Redirect to Homepage (version

CVE-2022-24889

creationtimestamp| type| source ---|---|--- 2022-04-27 18:13:14+00:00| seen| https://t.me/cibsecurity/41501...

CVE-2022-24889

CVE-2022-24889 affects Nextcloud Server (file server component). The vulnerability lets an attacker trick administrators into enabling the server’s unnecessary “recommended” apps, thereby unnecessarily expanding the attack surface. Public details indicate this is remedied by upgrading to versions...

CVE-2022-24889 Insufficient Verification of Data Authenticity in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...

CVE-2021-24889 Ninja Forms < 3.6.4 - Admin+ SQL Injection

The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks...

CVE-2021-24889

The CVE refers to WordPress Ninja Forms Contact Form plugin. Up to version 3.6.3 (3.6.4 fixes) the vulnerability stems from not escaping keys of POST parameters, enabling SQL injection by high-privilege users. Affected product: Ninja Forms Contact Form WordPress plugin. Root cause: missing escapi...

CVE-2020-24889

CVE-2020-24889 covers a buffer overflow in LibRaw

Product update: Virtuozzo Infrastructure Platform 3.0 Update 1 (3.0.1-55)

This update provides a new feature as well as stability and usability fixes. Vulnerability id: VSTOR-23861 Wrong details were reported for software RAID partitions. Vulnerability id: VSTOR-24687 Log rotation could lead to agent restart. Vulnerability id: VSTOR-24814 Network configuration was not...