109 matches found
CVE-2026-2495

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-18 09:16:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mf4qn2e2t62x |
| 2026-02-18 09:34:57+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mf4rnecges2h |
| 2026-02-18 10:30:30+00:00 | seen | ... |

MiracleLinux 8 : redis:6 (AXSA:2021-2495:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2495:01 advisory. redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626); redis: Integer overflow issue with Streams (CVE-2021-32627); redis: Integer...
CVE-2023-2495
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
CVE-2012-2495
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...
CVE-2025-2495
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...
CVE-2025-2495

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-18 11:55:37+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7900 |
| 2025-03-18 16:03:51+00:00 | seen | https://t.me/cvedetector/20566 |
| 2025-03-18 16:13:22+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lko2rjse7a2w |

...

CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...
Linux Distros Unpatched Vulnerability : CVE-2011-2495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc//io files, which allows local users to obtain sensitive I/O...
Qnap QuTS hero Cross-site Scripting (CVE-2020-2495)
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero: QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 a...
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2495-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2495-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
Trend Micro Worry-Free Business Security (WFBS) Command Execution Vulnerability (000294994)
The remote host is running a version of the Trend Micro WFBS which is affected by a command execution vulnerability in the 3rd party AV uninstaller module contained in Worry-Free Business Security which could allow an attacker to manipulate the module to execute arbitrary commands on an affected...
CVE-2024-2495
CVE-2024-2495 affects FriendlyWrt firmware (example version: 2022-11-16.51b3d35). The connected documents describe a plaintext cryptographic key vulnerability in the firmware, exposing the key material and enabling an attacker to compromise the confidentiality and integrity of encrypted data. The...
CVE-2024-2495 Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data...
CVE-2019-2495

| creationtimestamp | type | source |
|---|---|---|
| 2023-11-15 16:53:23+00:00 | published-proof-of-concept | https://t.me/BABATATASASA/5991 |

...

CVE-2023-2495
CVE-2023-2495 concerns the Greeklish-permalink WordPress plugin (≤ 3.3). The vulnerability arises from missing authorization/nonce checks in the cyrtrans_ajax_old AJAX action, enabling unauthenticated and low-privilege users to trigger the plugin’s slug-changing function, directly or via CSRF. Th...
CVE-2023-2495 Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
WordPress Greeklish-permalink Plugin <= 3.3 is vulnerable to Privilege Escalation
Software: Greeklish-permalink; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: N/A; OWASP Top 10: A2: Broken Authentication; Classification: Privilege Escalation; CVE: CVE-2023-2495; Patch priority: High; CVSS severity: High (6.5); PSID: fc7e9236dbd8; Credits: Jonas Höbenreich; Required...
Debian: Security Advisory (DSA-2303-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2495)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
CVE-2022-2495
Microweber (GitHub: microweber/microweber) is affected by a stored Cross-site Scripting (XSS) vulnerability arising in versions prior to 1.2.21. The issue stems from how SVG uploads are handled, allowing stored XSS when users upload SVG files. Multiple sources (CVE-2022-2495 records, CNVD-2022-54...