21 matches found
CVE-2025-36460
| creationtimestamp | type | source |
|---|---|---|
| 2025-11-17 14:30:17+00:00 | seen | https://infosec.place/objects/f0ff24dd-b424-4838-a02b-7e7d2fc4cfa8 |
| 2025-11-18 01:18:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m5ukyhvw6h26... |
MAL-2025-36460 Malicious code in test-mlw2-tinds-barge (npm)
The package test-mlw2-tinds-barge was found to contain malicious code...
CVE-2021-36460
VeryFitPro com.veryfit2hr.second 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's...
Linux Distros Unpatched Vulnerability : CVE-2024-36460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. CVE-2024-36460 Note that Nessus reli...
Fedora: Security Advisory (FEDORA-2024-8382d1b267)
The remote host is missing an update for the...
Fedora 39 : zabbix (2024-c89d2ecdea)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c89d2ecdea advisory. Fix for multiple CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 40 : zabbix (2024-8382d1b267)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-8382d1b267 advisory. Fix for multiple CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2024-36460
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text...
Mastodon Social Network Patches Critical Flaws Allowing Server Takeover
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "instances," and it has over 14...
CVE-2023-36460
| creationtimestamp | type | source |
|---|---|---|
| 2023-07-06 22:20:38+00:00 | seen | https://t.me/cibsecurity/66157 |
| 2023-07-07 15:59:20+00:00 | seen | https://t.me/KomunitiSiber/460 |
| 2023-07-07 16:25:46+00:00 | seen | Telegram/jTJuYtSbQEfHJc6c7J6-WePo4xpbfjCMQZTvI2g6D7Zhw |
| 2023-07-09 11:59:01+00:00 | seen | ... |
CVE-2023-36460 Mastodon vulnerable to arbitrary file creation through media attachments
Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows...
CVE-2023-36460
CVE-2023-36460 affects Mastodon before the patches: 3.5.0–3.5.8, 4.0.0–4.0.4, and 4.1.0–4.1.2. A media processing flaw allows crafted media files to cause arbitrary files to be created or overwritten at any location the instance can access, enabling Denial of Service and arbitrary Remote Code Exe...
CVE-2022-36460
TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...
CVE-2022-36460
TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...
CVE-2022-36460
CVE-2022-36460 affects TOTOLINK A3700R (V9.1.2u.6134_B20201202). The issue is a command injection vulnerability in the UploadFirmwareFile function via the FileName parameter, enabling potential arbitrary command execution on the device. Public sources (NVD/Red Hat/CNNVD) corroborate a high-severi...
CVE-2021-36460
| creationtimestamp | type | source |
|---|---|---|
| 2022-04-25 16:36:12+00:00 | seen | https://t.me/cibsecurity/41379... |
CVE-2021-36460
VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the user’s password locally on the device and uses that hash to authenticate in all backend API communications (login, registration, password changes). An attacker who obtains the hash can take over the user’s account, nullifying the benefit of pass...
arc-swap (>=0.3.1 <=0.4.5), ipld-collections (>=0.1.0 <=0.3.0) +3 more potentially affected by CVE-2020-36460 via model (>=0.0.4 <=0.1.2)
model CARGO version =0.0.4, =0.3.1, =0.1.0, =0.1.0, =0.13.0, =0.0.1, =0.1.5 Source cves: CVE-2020-36460 Source advisory: OSV:GHSA-MXV6-Q98X-H958...
CVE-2020-36460
| creationtimestamp | type | source |
|---|---|---|
| 2021-08-08 12:41:31+00:00 | seen | https://t.me/cibsecurity/26991... |
CVE-2020-36460
CVE-2020-36460 affects the Rust model crate: the Shared data structure implements Send and Sync regardless of the inner type, potentially enabling data races in safe Rust. Covered in multiple sources (NVD/RUSTSEC/RH Red Hat) with references to a contention issue; no explicit patch/version remedia...