103 matches found

EUVD
added 2026/01/14 5:28 a.m., 1 view

EUVD-2026-2546

The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notelistclass' and 'popupdisplayeffectin' parameters in all versions up to, and including, 1.0 due to missing authorization and nonce verification on settings save, as well as insufficient input...

7.2 CVSS, 4.8 AI score, 0.00061 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2010-2973

Malware in sbrugna...

9.3 CVSS, 5.4 AI score, 0.013 EPSS
Exploits 1, References 8

RedhatCVE
added 2025/05/23 1:48 a.m., 5 views

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

8.8 CVSS, 6.8 AI score, 0.05881 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 9:54 p.m., 9 views

CVE-2022-2546

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wmexport AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response...

4.7 CVSS, 6.7 AI score, 0.16213 EPSS
Exploits 3, References 1

RedhatCVE
added 2025/03/22 3:19 p.m., 9 views

CVE-2025-2546

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack needs to be approached within...

5.3 CVSS, 7.2 AI score, 0.03675 EPSS
Exploits 1, References 1

Circl
added 2025/03/20 3:18 p.m., 5 views

CVE-2025-2546

creationtimestamp | type | source
---|---|---
2025-03-20 15:18:12+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8201
2025-03-20 17:08:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkt6slhq6f2h
2025-03-20 17:23:59+00:00 | seen | https://t.me/cvedetector/20...

5.3 CVSS, 5.3 AI score, 0.03675 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/03/20 3:00 p.m., 6 views

CVE-2025-2546 D-Link DIR-618/DIR-605L Firewall Service formAdvFirewall access control

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack needs to be approached within...

5.3 CVSS, 6.9 AI score, 0.03675 EPSS
Exploits 1, References 6

CVE
added 2025/03/20 3:00 p.m., 63 views

CVE-2025-2546

D-Link DIR-618 (2.02) and DIR-605L (2.02/3.02) are affected by an access-control vulnerability in the Firewall Service, specifically in the /goform/formAdvFirewall endpoint. The root cause is improper access controls for this file, enabling local-network attackers to manipulate firewall/DMZ setti...

5.3 CVSS, 7 AI score, 0.03675 EPSS
Exploits 1, References 6, Affected Software 1

Tenable Nessus
added 2025/03/04 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-2546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service race condition,...

5.1 CVSS, 6.3 AI score, 0.00053 EPSS
Exploits 0, References 3

Tenable Nessus
added 2025/03/03 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2010-2546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple heap-based buffer overflows in loaders/loadit.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via 1 crafted...

9.3 CVSS, 6.4 AI score, 0.07205 EPSS
Exploits 1, References 2

RedhatCVE
added 2025/02/05 2:25 p.m., 9 views

CVE-2020-2546

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Application Container - JavaEE. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

9.8 CVSS, 7.3 AI score, 0.26765 EPSS
Exploits 1, References 3

GithubExploit
added 2024/09/19 2:05 p.m., 77 views

Exploit for CVE-2022-2546

All-in-One WP Migration " Affect...

4.7 CVSS, 5.8 AI score, 0.16213 EPSS
Exploits 3

Tenable Nessus
added 2024/05/31 12:00 a.m., 35 views

Amazon Linux 2 : uriparser (ALAS-2024-2546)

The version of uriparser installed on the remote host is prior to 0.7.5-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2546 advisory. An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long...

8.6 CVSS, 7 AI score, 0.00506 EPSS
Exploits 0, References 6

Tenable Nessus
added 2024/05/11 12:00 a.m., 249 views

RHEL 7 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c CVE-2019-15505 - kernel: lack of...

8.9 AI score, 0.18911 EPSS
Exploits 179, References 1025

CVE
added 2024/03/17 1:31 a.m., 75 views

CVE-2024-2546

The CVE-2024-2546 entry describes a stack-based buffer overflow in Tenda AC18 firmware (version 15.13.07.09) caused by improper handling in the fromSetWirelessRepeat function when processing wpapsk_crypto5g. This vulnerability is exploitable remotely and has publicly disclosed exploit information...

9 CVSS, 8.9 AI score, 0.00237 EPSS
Exploits 0, References 3, Affected Software 1

Circl
added 2024/03/16 8:11 a.m., 1 view

CVE-2024-2546

creationtimestamp | type | source
---|---|---
2024-03-16 08:11:13+00:00 | seen | https://t.me/ctinow/209403
2024-03-17 03:21:39+00:00 | seen | https://t.me/ctinow/209753
2024-03-17 03:26:09+00:00 | seen | https://t.me/ctinow/209754...

9 CVSS, 8.1 AI score, 0.00237 EPSS
Exploits 0, References 3

NVD
added 2024/02/23 4:15 p.m., 7 views

CVE-2024-1820

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit...

9.8 CVSS, 7.5 AI score, 0.00044 EPSS
Exploits 0, References 3

Tenable Nessus
added 2023/06/20 12:00 a.m., 21 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bluez (SUSE-SU-2023:2546-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2546-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

8 CVSS, 7.2 AI score, 0.03324 EPSS
Exploits 0, References 4

NVD
added 2023/06/06 2:15 a.m., 10 views

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

8.8 CVSS, 8.7 AI score, 0.05881 EPSS
Exploits 1, References 4

ATTACKERKB
added 2023/06/06 2:15 a.m., 1 view

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

8.8 CVSS, 7.2 AI score, 0.05881 EPSS
Exploits 1, References 5