129 matches found
RockyLinux 8 : freeradius:3.0 (RLSA-2023:2870)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2870 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...
ECHO-CEF4-2870-B604
Bulletin has no description...
CVE-2026-2870
creationtimestamp| type| source ---|---|--- 2026-02-21 17:38:28+00:00| published-proof-of-concept| https://t.me/realcodeb0ss/333 2026-03-02 13:40:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mg3ewv4gch2u...
CVE-2026-2870 Tenda A21 formSetQosBand set_qosMib_list stack-based overflow
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function setqosMiblist of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to th...
CVE-2026-2870
CVE-2026-2870 affects Tenda A21 firmware 1.0.0.0, where the function set_qosMib_list in /goform/formSetQosBand suffers a stack-based buffer overflow. The argument list manipulation can be triggered remotely, and a public exploit exists, indicating practical risk. The provided details specify remo...
Important: cri-tools
Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 The net/http package accepted data in the chunked transfer encoding...
Amazon Linux 2 : cri-tools (ALAS-2025-2870)
The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2870 advisory. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning...
CVE-2023-2870
A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host...
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned...
CVE-2005-2870
Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses...
CVE-2025-2870
Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...
CVE-2025-2870
creationtimestamp| type| source ---|---|--- 2025-03-28 11:28:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9315 2025-03-28 13:33:47+00:00| seen| https://t.me/cvedetector/21392 2025-08-10 18:27:45+00:00| seen| MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c 2025-09-10 07:47:59+00:00| seen|...
CVE-2025-2870
Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...
CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...
CVE-2025-2870
CVE-2025-2870 is a reflected Cross-Site Scripting (XSS) vulnerability in the Clinic Queuing System v1.0. The issue arises via the page parameter in /patient_side.php, enabling an attacker to induce the victim’s browser to execute injected JavaScript when the link is used. This is documented acros...
CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...
WordPress Swift Framework Page Builder Plugin < 2024.04.30 is vulnerable to Cross Site Scripting (XSS)
Software Swift Framework Page Builder Type Plugin Vulnerable versions 2024.04.30 Fixed in 2024.04.30 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2870 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 057d34197d18 Credi...
CVE-2024-2870
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-2870 Swift Framework < 2024.04.30 - Reflected XSS
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-2870
The CVE-2024-2870 concerns the WordPress plugin socialdriver-framework (versions before 2024.04.30). A parameter is not properly sanitized/escaped before being reflected in the page, causing a Reflected Cross‑Site Scripting (XSS) vulnerability. The issue could be exploited against high‑privilege ...