41 matches found
Erugo 0.2.14 - Remote Code Execution (RCE)
Exploit Title: Erugo = 0.2.14 - Authenticated Remote Code Execution RCE Date: 2026-02-02 Exploit Author: Abdul Moiz Vendor Homepage: https://github.com/ErugoOSS/Erugo Software Link:...
CVE-2026-24897

creationtimestamp | type | source
---|---|---
2026-01-28 23:21:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdjfzww6iw2h
2026-01-28 23:58:30+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdji46cqyb2h
2026-02-02 12:10:51+00:00 | seen | ...

CVE-2020-24897
The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS through the provided Markdown markup to the "Table from CSV" macro...
CVE-2021-24897
The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field available only with classic editor when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2025-24897
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...
CVE-2025-24897
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...
CVE-2025-24897

creationtimestamp | type | source
---|---|---
2025-02-11 15:40:15+00:00 | seen | https://infosec.exchange/users/cve/statuses/113986005583376363
2025-02-11 16:17:09+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhw2o3s55w2a
2025-02-11 16:48:33+00:00 | seen | ...

CVE-2025-24897
Misskey CSRF vulnerability (CVE-2025-24897) affects Misskey versions 12.109.0 up to but not including 2025.2.0-alpha.0, due to CSRF protection gaps and insecure authentication cookie attributes in Bull dashboard. Some bull-board APIs can be driven into CSRF attacks, enabling potential manipulatio...
CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...
CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...
CVE-2024-11572 IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
CVE-2024-24897
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2024-24897 Remote command execution in A-Tune-Collector
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
CVE-2024-24897
CVE-2024-24897 affects openEuler A-Tune-Collector (1.1.0-3 through 1.3.0). The root cause is improper neutralization of shell commands in sched.py when obtaining a process ID, enabling command injection and remote arbitrary command execution. Multiple connected sources (Red Hat, NVD/NVD-like entr...
CVE-2024-24897 Remote command execution in A-Tune-Collector
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...
OESA-2024-1274 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1271 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
CVE-2023-24897
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability...
CVE-2023-24897
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability...
CVE-2023-24897 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
...