24 matches found
CVE-2026-34797
creationtimestamp| type| source
---|---|---
2026-04-02 17:13:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mijpd5rw5p2n
2026-04-02 17:38:00+00:00| seen| Telegram/-NvE3DOHeY-1Q0zG5YCstM01cFOFdgBxqrRb0oXZGokSQ
2026-04-03 08:00:17+00:00| seen|...
CVE-2026-34797
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logssmtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
MAL-2025-34797 Malicious code in test-mlw1-morns-bairn (npm)
The package test-mlw1-morns-bairn was found to contain malicious code...
CVE-2023-34797
Broken access control in the Registration page /Registration.aspx of Termenos CWX v8.5.6 allows attackers to access sensitive information...
CVE-2021-34797
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
CVE-2024-34797
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS. This issue affects Simple Popup Manager: from n/a through 1.3.5...
CVE-2024-34797 WordPress Simple Popup Manager plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS. This issue affects Simple Popup Manager: from n/a through 1.3.5...
WordPress Simple Popup Manager Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Popup Manager; Type: Plugin; Vulnerable versions: <= 1.3.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34797; Patch priority: Low; CVSS severity: Low (5.9); PSID: 3a5e35fbabd1; Credits: Cronus; Required privilege...
CVE-2023-34797
Broken access control in the Registration page /Registration.aspx of Termenos CWX v8.5.6 allows attackers to access sensitive information...
CVE-2023-34797
Summary: CVE-2023-34797 affects Termenos CWX v8.5.6 where the Registration page (/Registration.aspx) has broken access control, allowing access to sensitive information. Affected software: Termenos CWX 8.5.6. Cause: improper access control on the Registration page; no details on root cause beyond...
CVE-2022-34797
creationtimestamp| type| source
---|---|---
2022-06-30 22:44:02+00:00| seen| https://t.me/cibsecurity/45454
2023-12-20 13:48:44+00:00| seen| https://t.me/ctinow/156967...
CVE-2022-34797
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials...
CVE-2022-34797
Summary (CVE-2022-34797): Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier are vulnerable to a cross-site request forgery (CSRF) that lets an attacker connect to an attacker-specified HTTP URL using attacker-specified credentials. The issue is documented across multiple sources (N...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.2 <=3.0.4) +41 more potentially affected by CVE-2021-34797 via org.apache.geode:geode-core (>=1.13.0 <=1.13.4)
org.apache.geode:geode-core MAVEN version =1.13.0, =2.0.2, =2.0.2, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.0, =1.13.2, =1.13.2, =1.13.2, =1.13.0, =1.13.0, =1.13.4 and more Source cves: CVE-2021-34797 Source advisory: OSV:GHSA-MW25-F5R2-HPC6...
com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=2.0.0 <=2.0.1), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=2.0.0 <=2.0.1) +51 more potentially affected by CVE-2021-34797 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.12.4)
org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =2.0.0, =2.0.0, =2.0.0, =0.3.12, =0.3.5, =2.4.0, =1.22.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.0.0-incubating, =1.12.4 and more Source cves: CVE-2021-34797 Source advisory: OSV:GHSA-MW25-F5R2-HPC6...