28 matches found
EUVD-2021-11289
Malware in sbrugna...
CVE-2022-24948
Carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users...
CVE-2021-24377
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potentially malicious files from the extracted archive uploaded via the 'Import Settings' feature; however, this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...
CVE-2020-24948
The aoccssimport AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution...
CVE-2025-24948
creationtimestamp| type| source
---|---|---
2025-04-15 15:54:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11861
2025-04-15 18:44:03+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmuqaljyxe2c
2025-04-15 19:57:02+00:00| seen| https://t.me/cvedetector/22964...
Unspecified vulnerability in Linux kernel (CNVD-2024-24948)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a security flaw in the pfmemalloc state. No details of the vulnerability are provided at this time...
CVE-2023-24948
Windows Bluetooth Driver Elevation of Privilege Vulnerability...
CVE-2023-24948
Windows Bluetooth Driver Elevation of Privilege Vulnerability...
CVE-2023-24948 Windows Bluetooth Driver Elevation of Privilege Vulnerability
...
CVE-2023-24948
CVE-2023-24948 is a Windows Bluetooth Driver Elevation of Privilege vulnerability. Documents indicate affected component as the Windows Bluetooth driver and classify impact as privilege escalation with high confidentiality/integrity/availability risk (CVSS: AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). P...
CVE-2023-24948 Windows Bluetooth Driver Elevation of Privilege Vulnerability
...
org.apache.jspwiki.it:jspwiki-selenide-tests (>=2.11.0 <=2.11.1), org.apache.jspwiki:jspwiki-210-adapters (>=2.11.0 <=2.11.1) +5 more potentially affected by CVE-2022-24948 via org.apache.jspwiki:jspwiki-main (>=2.11.0 <=2.11.1)
org.apache.jspwiki:jspwiki-main MAVEN version =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.1 Source cves: CVE-2022-24948 Source advisory: OSV:GHSA-9953-FMRW-V4VM...
CVE-2022-24948
creationtimestamp| type| source
---|---|---
2022-02-25 12:20:30+00:00| seen| https://t.me/cibsecurity/38077
2022-03-03 14:54:39+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/6065
2022-03-05 11:07:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/554...
CVE-2022-24948
CVE-2022-24948 affects Apache JSPWiki. The vulnerability is a cross-site scripting (XSS) issue in the user preferences screen, allowing an attacker to execute JavaScript in a victim’s browser and potentially read sensitive information. The issue affects JSPWiki versions prior to 2.11.2; mitigatio...
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...
CVE-2021-24948
The CVE affects The Plus Addons for Elementor Pro (WordPress) up to version 5.0.6. The tp_get_dl_post_info_ajax action does not validate the qvquery parameter, allowing unauthenticated users to retrieve sensitive data such as private and draft posts. Public CVSS metrics indicate high impact (CVSS...
CVE-2020-24948
creationtimestamp| type| source
---|---|---
2021-06-22 00:15:27+00:00| seen| https://t.me/cibsecurity/25587...
CVE-2021-24376
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files such as .php from the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contains a directory with PHP...
Race condition
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potentially malicious files from the extracted archive uploaded via the 'Import Settings' feature; however, this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...