CVE-2026-2560 kalcaddle kodbox Media File Preview Plugin VideoResize.class.php run os command injection

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can ...

CVE-2026-2560

Affected software.�a0 kalcaddle kodbox (up to 1.64.05) and specifically the Media File Preview Plugin, vulnerable via the function run in plugins/fileThumb/lib/VideoResize.class.php. Root cause.�a0 Manipulation of the localFile argument leads to an OS command injection. Impact.�a0 Remote attacker...

CVE-2026-2560

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can ...

CVE-2024-2560

A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has bee...

CVE-2011-2560

The Packet Capture Service in Cisco Unified Communications Manager aka CUCM, formerly CallManager 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service memory consumption and restart by making many connections, aka Bug ID CSCtf97162...

CVE-2025-2560

The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2560

creationtimestamp| type| source ---|---|--- 2025-02-18 21:11:32+00:00| seen| Telegram/7re2U1FxnCa2kNQpvovquwMZPIMPrP98oj2hayY9MZGeSr0...

CVE-2022-2560

This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper...

Amazon Linux 2 : kernel (ALAS-2024-2560)

The version of kernel installed on the remote host is prior to 4.14.158-129.185. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2560 advisory. The Linux kernel before 5.4.2 mishandles ext4expandextraisize, as demonstrated by use-after-free errors in...

Oracle Linux 9 : libvirt (ELSA-2024-2560)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2560 advisory. - Fix off-by-one error in udevListInterfacesByStatus CVE-2024-1441, RHEL-25081 Tenable has extracted the preceding description block directly from the...

RHEL 9 : libvirt (RHSA-2024:2560)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2560 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems...

CVE-2024-2560

creationtimestamp| type| source ---|---|--- 2024-03-17 12:21:55+00:00| seen| https://t.me/ctinow/209886 2024-03-17 12:26:56+00:00| seen| https://t.me/ctinow/209889...

CVE-2024-2560

CVE-2024-2560 affects Tenda AC18 firmware 15.03.05.05: the fromSysToolRestoreSet function in /goform/SysToolRestoreSet is susceptible to cross-site request forgery. The vulnerability can be triggered remotely, and the exploit has been publicly disclosed. Vendor response is not documented in the s...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-2560)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-2560

A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2023-2560

A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2023-2560 jja8 NewBingGoGo cross site scripting

A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2023-2560

CVE-2023-2560 concerns jja8 NewBingGoGo up to 2023.5.5.2. The vulnerability is a cross-site scripting issue caused by manipulated input in the software, with remote initiation possible. Public exploitation is indicated by multiple sources. Impact is limited to confidentiality and integrity (per C...

CVE-2023-2560 jja8 NewBingGoGo cross site scripting

A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2022-2560

This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper...