CVE-2026-2490

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged...

CVE-2026-2490 RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability

RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged...

CVE-2026-2490

creationtimestamp| type| source ---|---|--- 2026-02-19 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-26-117/...

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-6.1.13.4.AXS4 (AXSA:2014-460:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-460:03 advisory. Description : The OpenJDK runtime environment. Security issues fixed with this release: CVE-2014-2490 Unspecified vulnerability in the Java SE...

EUVD-2026-2490

In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parseapplysbmountoptions strscpypad can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 "string.h: Introduce memtostr and memtostrpad" provid...

EUVD-2010-0358

Malware in sbrugna...

CVE-2023-2490

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Fernando Briano UserAgent-Spy plugin = 1.3.1 versions...

CVE-2025-2490

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site...

CVE-2025-2490

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site...

CVE-2025-2490 Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to cross site...

CVE-2025-2490

Summary: CVE-2025-2490 affects Dromara ujcms 9.7.5 in the File Upload component. The vulnerable code path is the uploadZip/upload function in WebFileUploadController.java, where manipulation leads to cross-site scripting. The attack is described as remote, with public exploit disclosure. Affected...

Qnap QTS Command Injection (CVE-2020-2490)

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Advisory ROSA-SA-2024-2490

Software: bind-dyndb-ldap 11.1 OS: rosa-server79 packageevrstring: bind-dyndb-ldap-11.1-7.res7.1 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic...

CVE-2024-2490

creationtimestamp| type| source ---|---|--- 2024-03-15 11:26:32+00:00| seen| https://t.me/ctinow/208630 2024-03-15 11:26:56+00:00| seen| https://t.me/ctinow/208646 2024-03-16 21:08:16+00:00| seen| https://t.me/arpsyndicate/4255...

CVE-2024-2490

CVE-2024-2490 affects Tenda AC18 with firmware 15.03.05.05. The vulnerability is a stack-based buffer overflow in the setSchedWifi function (/goform/openSchedWifi) caused by improper handling of schedStartTime/schedEndTime, exploitable remotely and publicly disclosed. There is no confirmed patch ...

CVE-2024-2490 Tenda AC18 openSchedWifi setSchedWifi stack-based overflow

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libwebp (SUSE-SU-2023:2490-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2490-1 advisory. - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode...

CVE-2023-2490

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Fernando Briano UserAgent-Spy plugin = 1.3.1 versions...

CVE-2023-2490

CVE-2023-2490 affects the WordPress plugin UserAgent-Spy (Fernando Briano)

WordPress UserAgent-Spy Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software UserAgent-Spy Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2490 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7a32663f704c Credits Yash Kanchhal Required...