10 matches found
CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
CVE-2024-34358 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController eID txcmsshowpic lacks a cryptographic HMAC-signature on the frame HTTP query parameter e.g...
CVE-2023-34358
creationtimestamp | type | source
---|---|---
2023-07-31 12:42:31+00:00 | seen | https://t.me/cibsecurity/67437...
CVE-2023-34358
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition...
CVE-2023-34358
The CVE-2023-34358 entry applies to the ASUS RT-AX88U router (httpd). Affected component: httpd, vulnerable in the web.c string comparison when processing a crafted User-Agent, leading to an unauthenticated DoS (remote attacker can crash the httpd binary). Root cause appears to be input handling ...
Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358)
Summary: Digital Certificate Manager for IBM i is vulnerable to a cross-site scripting issue in the old web application as described in the vulnerability details section. IBM i has addressed the applicable CVE with a fix to the Digital Certificate Manager web application as described in the...
CVE-2022-34358
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516...
CVE-2021-34358
creationtimestamp | type | source
---|---|---
2021-11-20 07:17:33+00:00 | seen | https://t.me/cibsecurity/32764...
CVE-2021-34358
CVE-2021-34358 affects QmailAgent up to 3.0.1 and is a cross-site request forgery (CSRF) vulnerability. The issue is mitigated by upgrading to QmailAgent 3.0.2 (2021-08-25) or later, as stated in multiple sources. The CVSS details indicate a network-exposed, high-severity issue with user interact...
CVE-2025-34358
CVE-2025-34358 is rejected/not used and does not represent an active vulnerability entry.