66 matches found
WordPress The Wound Theme <= 0.0.1 - Local File Inclusion
The-wound WordPress theme through 0.0.1 contains a local file inclusion caused by insufficient validation of parameters used to generate paths passed to include functions, letting unauthenticated users perform LFI attacks and download arbitrary files from the server. id: CVE-2025-2558 info: name:...
CGA-4V8Q-2MQP-2558
Bulletin has no description...
EUVD-2026-2558
The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweatclubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acce...
CVE-2024-2558
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...
CVE-2022-2558
The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations...
CVE-2025-2558
The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include functions, allowing unauthenticated users to perform LFI attacks and download arbitrary files from the server...
CVE-2025-2558
creationtimestamp| type| source
---|---|---
2025-04-24 06:05:34+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13190
2025-04-24 08:52:53+00:00| seen| https://t.me/cvedetector/23640
2025-04-24 09:15:13+00:00| seen|...
CVE-2025-2558
CVE-2025-2558 describes an unauthenticated Local File Inclusion (LFI) in the WordPress theme The Wound (versions
Siemens Unlocked JTAG Interface / Buffer Overflow
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unlocked JTAG interface and buffer overflow product: Siemens SM-2558 Protocol Element extension module for Siemens SICAM AK3/TM/BC, Siemens CP-2016 & CP-2019 vulnerable...
Amazon Linux 2 : tigervnc (ALAS-2024-2558)
The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2558 advisory. A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited b...
Important: tigervnc
Issue Overview: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X...
CVE-2024-2558
creationtimestamp| type| source
---|---|---
2024-03-17 10:21:41+00:00| seen| https://t.me/ctinow/209851
2024-03-17 10:26:53+00:00| seen| https://t.me/ctinow/209853

...
CVE-2024-2558
CVE-2024-2558 affects Tenda AC18, version 15.03.05.05. A stack-based buffer overflow in formexeCommand (file /goform/execCommand) is triggered by the cmdinput parameter, potentially allowing remote code execution and impacting confidentiality, integrity, and availability. Sources consistently des...
CVE-2023-2558 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2023-2558
CVE-2023-2558 affects the WPCS – WordPress Currency Switcher Professional plugin for WordPress. It is a stored Cross‑Site Scripting (XSS) vulnerability in the wpcs_current_currency shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versi...
Ubuntu: Security Advisory (USN-180-2)
The remote host is missing an update for the...
CVE-2022-2558
creationtimestamp| type| source
---|---|---
2022-08-22 18:20:42+00:00| seen| https://t.me/cibsecurity/48487

...
CVE-2022-2558
The CVE-2022-2558 issue affects the WordPress plugin Simple Job Board prior to version 2.10.0. The vulnerability is a directory listing disclosure that allows public access to uploaded resumes in certain configurations. The affected component is the plugin’s file handling in those configurations, en...
Debian: Security Advisory (DLA-2558-1)
The remote host is missing an update for the Debian...
Oracle Solaris Critical Patch Update : jan2020_SRU11_4_16_4_0
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network...