19 matches found
MAL-2025-36520 Malicious code in test-mlw2-tupik-coaly (npm)
The package test-mlw2-tupik-coaly was found to contain malicious code...
CVE-2025-36520
CVE-2025-36520 : Bloomberg Comdb2 8.1 is affected by a null pointer dereference in the net_connectmsg Protocol Buffer Message handling. A specially crafted network packet can trigger a denial of service by causing a NULL dereference during decoding of NetConnectMsg (notably in process_connect_mes...
CVE-2025-36520
A null pointer dereference vulnerability exists in the netconnectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. Specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability...
Bloomberg Comdb2 net_connectmsg Protocol Buffer Message null pointer dereference vulnerability
Talos Vulnerability Report TALOS-2025-2197 Bloomberg Comdb2 netconnectmsg Protocol Buffer Message null pointer dereference vulnerability July 22, 2025 CVE Number CVE-2025-36520 SUMMARY A null pointer dereference vulnerability exists in the netconnectmsg Protocol Buffer Message functionality of...
CVE-2023-36520
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12...
CVE-2022-36520
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup...
CVE-2021-36520
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via an evaluation/assign-evaluation?id= URI...
CVE-2023-36520
creationtimestamp | type | source
---|---|---
2023-12-20 16:23:58+00:00 | seen | https://t.me/ctinow/157121
2024-01-13 14:51:40+00:00 | seen | https://t.me/ctinow/167842
...
CVE-2023-36520 WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12...
CVE-2023-36520
CVE-2023-36520 affects the WordPress Editorial Calendar plugin up to version 3.7.12. Affected: Editorial Calendar plugin for WordPress. What’s at issue: Insecure Direct Object References (IDOR) enabling an authorization bypass via a user-controlled key, as documented by Patchstack and CVE records...
WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)
Software: Editorial Calendar
Type: Plugin
Vulnerable versions: <= 3.7.12
Fixed in: 3.8.0
OWASP Top 10: A5: Broken Access Control
Classification: Insecure Direct Object References (IDOR)
CVE: CVE-2023-36520
Patch priority: Low
CVSS severity: Low 5.4
PSID: 5cbcd0860491
Credits: Elliot...
CVE-2021-36520
creationtimestamp | type | source
---|---|---
2023-04-16 07:27:29+00:00 | seen | https://t.me/cibsecurity/62260
...
CVE-2021-36520
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via an evaluation/assign-evaluation?id= URI...
CVE-2021-36520
CVE-2021-36520 : A SQL injection vulnerability in I-Tech TrainSmart r1044 is exploitable via the URI path evaluation/assign-evaluation?id=, enabling remote attackers to view sensitive information. Public PoC/exploit references confirm workable SQL injection scenarios. The CVSS v3.1 base score is ...
itech TrainSmart r1044 - SQL injection Vulnerability
Exploit Title: itech TrainSmart r1044 - SQL injection Exploit Author: Adrian Bondocea Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ Version: TrainSmart r1044 Tested on: Linux CVE : CVE-2021-36520 SQL injection vulnerability in itech TrainSmart r1044 allows remote...
itech TrainSmart r1044 - SQL injection
Exploit Title: itech TrainSmart r1044 - SQL injection Date: 03.02.2023 Exploit Author: Adrian Bondocea Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ Version: TrainSmart r1044 Tested on: Linux CVE : CVE-2021-36520 SQL injection vulnerability in itech TrainSmart r1044...
CVE-2022-36520
creationtimestamp | type | source
---|---|---
2022-08-25 18:37:23+00:00 | seen | https://t.me/cibsecurity/48771
...
CVE-2022-36520
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup...
CVE-2022-36520
CVE-2022-36520 affects the H3C GR-1200W MiniGRW1A0V100R006. The vulnerability is a stack overflow in the DEleteusergroup function. Per the NVD entry, this yields a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, and unchanged scope. ...