CVE-2026-2489

creationtimestamp| type| source ---|---|--- 2026-02-26 05:27:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfqhjtx7ly2n...

CVE-2022-2489

A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||SELECT 0x6770715a WHERE 8795=8795 AND SELECT 8342 FROMSELECT...

CVE-2025-2489

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json...

CVE-2025-2489

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json...

CVE-2025-2489

creationtimestamp| type| source ---|---|--- 2025-03-18 11:55:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7902 2025-03-18 16:03:52+00:00| seen| https://t.me/cvedetector/20567 2025-03-18 16:13:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lko2rkdmoa2m 2025-08-12...

CVE-2025-2489

CVE-2025-2489 affects NTFS Tools 3.5.1 and involves insecure storage of sensitive information. The vulnerability stems from storing the application password in /Users/user/Library/Application Support/ntfs-tool/config.json, enabling an attacker with local access to read the password. Documented im...

CVE-2025-2489 Insecure storage of sensitive information in NTFS Tool

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json...

CVE-2023-2489

creationtimestamp| type| source ---|---|--- 2025-01-08 17:13:08+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/734...

Advisory ROSA-SA-2024-2489

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.P2.res7.16 CVE-ID: CVE-2023-2828 BDU-ID: 2023-07642 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker...

CVE-2024-2489

creationtimestamp| type| source ---|---|--- 2024-03-15 10:21:50+00:00| seen| https://t.me/ctinow/208594 2024-03-15 10:26:45+00:00| seen| https://t.me/ctinow/208599 2025-04-10 20:49:59+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11355...

CVE-2024-2489

CVE-2024-2489 affects Tenda AC18 firmware 15.03.05.05; the vulnerability is in formSetQosBand (file /goform/SetNetControlList) and stems from a stack-based buffer overflow, enabling remote exploitation. Public exploit details exist; remediation guidance from connected sources recommends disabling...

Amazon Linux 2 : cpio (ALAS-2024-2489)

The version of cpio installed on the remote host is prior to 2.12-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2489 advisory. cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a fil...

SUSE: Security Advisory (SUSE-SU-2023:2489-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-2489

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-2489

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2023-2489

CVE-2023-2489 relates to the WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms. The public docs indicate the issue stems from inadequate sanitization/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html...

CVE-2023-2489 Stop Spammers Security < 2023 - Admin+ Stored XSS

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Debian: Security Advisory (DLA-313-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-2489

creationtimestamp| type| source ---|---|--- 2022-07-20 16:19:55+00:00| seen| https://t.me/cibsecurity/46637...

CVE-2022-2489

A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||SELECT 0x6770715a WHERE 8795=8795 AND SELECT 8342 FROMSELECT...