18 matches found
MAL-2025-35708 Malicious code in test-mlw2-longe-crams (npm)
The package test-mlw2-longe-crams was found to contain malicious code...
CVE-2024-35708
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS. This issue affects Rife Free: from n/a through 2.4.19...
CVE-2024-35708
CVE-2024-35708 describes an authenticated Stored XSS in the Rife Free WordPress theme. The vulnerability affects Rife Free versions up to 2.4.19 (the “
CVE-2024-35708 WordPress Rife Free theme <= 2.4.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS. This issue affects Rife Free: from n/a through 2.4.19...
CVE-2024-35708 WordPress Rife Free theme <= 2.4.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in apollo13themes Rife Free allows Stored XSS. This issue affects Rife Free: from n/a through 2.4.19...
WordPress Rife Free Theme <= 2.4.19 is vulnerable to Cross Site Scripting (XSS)
Software: Rife Free; Type: Theme; Vulnerable versions: <= 2.4.19; Fixed in: 2.4.20; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35708; Patch priority: Low; CVSS severity: Low (6.5); PSID: 4a9fdf7a4343; Credits: stealthcopter; Required privilege: Contributo...
CVE-2023-35708
creationtimestamp | type | source
---|---|---
2023-06-17 09:42:58+00:00 | exploited | https://t.me/JerusalemElectronicArmy/401
2023-06-17 10:53:32+00:00 | seen | Telegram/gubKb2Yanq1m7aRUYpFosJLMY1OTa0zqV9xfndvyMGC8wWQ
2023-06-19 07:24:22+00:00 | seen | https://t.me/CyberSecurityIL/24237
2023-06-19...
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
Cisco Talos is monitoring recent reports of exploitation attempts against CVE-2023-34362, a SQL injection zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) solution that has been actively targeted since late May 2023. Successful exploitation could lead to remote code executi...
What You Need To Know About MOVEit
The MOVEit Vulnerabilities and Latest Exploits. Impact On Governmental Agencies And Large Organizations: Governmental agencies and large organizations around the world are being hit by ransomware attacks exploiting several vulnerabilities in MOVEit, a widely used file transfer solution. The...
CVE-2023-35708
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
CVE-2023-35708
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...
CVE-2023-35708
MOVEit Transfer is affected by a SQL injection in the web application that can allow an unauthenticated attacker to modify and disclose MOVEit’s database content. Affected versions include 2020.1.10 (12.1.10) and 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023...
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...
CVE-2022-35708
Adobe Bridge is affected by a heap-based buffer overflow (CVE-2022-35708) in versions 12.0.2 and earlier and 11.1.3 and earlier, leading to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Publicly documented ...
Adobe Bridge 11.x < 11.1.4 / 12.x < 12.0.3 Multiple Vulnerabilities (APSB22-49)
The version of Adobe Bridge installed on the remote Windows host is prior to 11.1.4 or 12.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb22-49 advisory. - Adobe Bridge version 12.0.2 and earlier and 11.1.3 and earlier are affected by a Heap-based Buffer...
CVE-2020-35708
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page...
CVE-2020-35708
CVE-2020-35708 affects phpList 3.5.9. The vulnerability is a SQL injection exploitable by admins who submit a crafted fourth line of a file via the Config - Import Administrators page. Documented impact is partial data confidentiality/integrity/availability per CVSS, with base scores: CVSS2 v2.0 ...
Intel AMT Input Validation Error Vulnerability (CNVD-2020-35708)
Intel Active Management Technology (AMT) is a set of hardware-based remote management technology software from Intel. A security vulnerability exists in Intel AMT that originates from the program failing to properly validate user input. An attacker could exploit this...