CVE-2026-2551

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...

CVE-2023-2551

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1...

CVE-2025-2551

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is required for this attack. The exploit has...

CVE-2025-2551

CVE-2025-2551 affects D-Link DIR-618 and DIR-605L (firmware versions 2.02/3.02). The vulnerability is an Access Control Error in the file /goform/formSetPortTr, enabling improper access controls and requiring local-network access to exploit. Multiple sources consistently describe impact as exposu...

CVE-2025-2551 D-Link DIR-618/DIR-605L formSetPortTr access control

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is required for this attack. The exploit has...

CVE-2024-2551

creationtimestamp| type| source ---|---|--- 2024-11-13 17:00:00+00:00| seen| https://security.paloaltonetworks.com/CVE-2024-2551 2024-11-13 18:38:44+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113477099455726632 2024-11-14 09:43:51+00:00| seen|...

Rocky Linux 9 : bind (RLSA-2024:2551)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2551 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

RHEL 9 : bind (RHSA-2024:2551)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2551 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added three security flaws to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation in the wild. The vulnerabilities are as follows - CVE-2023-36584 CVSS score: 5.4 - Microsoft Windows...

woodlandsretina.com Cross Site Scripting vulnerability OBB-3678527

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fletchershardware.ie Cross Site Scripting vulnerability OBB-3455386

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-2551

creationtimestamp| type| source ---|---|--- 2023-05-06 00:25:15+00:00| seen| https://t.me/cibsecurity/63397 2023-11-17 07:02:15+00:00| exploited| https://t.me/thehackernews/4162 2023-11-17 10:12:21+00:00| exploited| https://t.me/tengkorakcybercrewz/2790 2023-11-17 10:12:21+00:00| exploited|...

CVE-2023-2551

CVE-2023-2551 affects the PHP-based Bumsys (unilogies/bumsys) with versions prior to 2.1.1. The vulnerability stems from an API endpoint that processes file paths and allows local files to be included, enabling remote code execution via crafted requests to the api route. The root cause is unsafe ...

CVE-2023-2551 PHP Remote File Inclusion in unilogies/bumsys

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1...

CVE-2023-2551 PHP Remote File Inclusion in unilogies/bumsys

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1...

erbacher-planungsbuero.de Cross Site Scripting vulnerability OBB-3256812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2015-2551

creationtimestamp| type| source ---|---|--- 2023-03-09 09:29:35+00:00| seen| https://t.me/alexredsec/309 2025-03-30 17:32:48+00:00| seen| https://bsky.app/profile/attrition.org/post/3llmesm3laf2g 2025-03-31 11:15:39+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lloa75nzqz25...

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

CVE-2022-2551 Duplicator < 1.4.7 - Unauthenticated Backup Download

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

CVE-2022-2551

CVE-2022-2551 affects WordPress Duplicator plugin versions prior to 1.4.7. The vulnerability is an authentication bypass that causes the plugin to disclose the backup URL to unauthenticated users who access the main installer endpoint, enabling download of the full site backup without authenticat...