CVE-2026-2557
CVE-2026-2557 affects cskefu up to 8.0.1. The vulnerability is in the Upload function of MediaController.java (package com/cskefu/cc/controller/resource/MediaController.java) where the file upload path allows cross-site scripting. The issue is triggered remotely and exploit code is public (PoC). ...
RHEL 8 : kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_81_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 (RHSA-2026:2557)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2557 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...
EUVD-2026-2557
The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2025-2557)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EUVD-2021-2557
Malware in sbrugna...
CVE-2024-2557
A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed t...
CVE-2022-2557
The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user...
CVE-2025-2557
A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has...
CVE-2024-2557
creationtimestamp | type | source
---|---|---
2024-03-17 10:21:40+00:00 | seen | https://t.me/ctinow/209850
2024-03-17 10:26:52+00:00 | seen | https://t.me/ctinow/209852

...
CVE-2024-2557 kishor-23 Food Waste Management System admin.php improper authorization
A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed t...
CVE-2024-2557
CVE-2024-2557 affects kishor-23 Food Waste Management System 1.0, with a vulnerability in /admin/admin.php enabling improper authorization. A remote-ready issue has been disclosed publicly; multiple sources indicate it could be exploited to bypass authorization. Risk is rated HIGH by CVSS 3.1 in ...
Huawei EulerOS: Security Advisory for dmidecode (EulerOS-SA-2023-2557)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2023-2557
CVE-2023-2557 concerns the WPCS – WordPress Currency Switcher Professional plugin. The vulnerability is a missing capability check on the save function, allowing authenticated attackers with subscriber-level permissions or higher to modify an arbitrary custom drop-down currency switcher. Affected...
CVE-2022-2557
creationtimestamp | type | source
---|---|---
2022-08-22 18:20:39+00:00 | seen | https://t.me/cibsecurity/48485

...
CVE-2022-2557
CVE-2022-2557 affects the WordPress plugin Team Members Showcase (tlp-team) prior to version 4.1.2. The vulnerability allows an authenticated user to exploit a path traversal flaw to download arbitrary files from the server, with the problematic file being deleted after its contents are returned ...
SUSE: Security Advisory (SUSE-SU-2018:2557-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DLA-2557-1 : linux-4.19 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-27815 A flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial o...
Debian: Security Advisory (DLA-2557-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-2557)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...