15 matches found
MAL-2025-36546 Malicious code in test-mlw2-unrip-heids-wrung-styed (npm)
The package test-mlw2-unrip-heids-wrung-styed was found to contain malicious code...
CVE-2022-36546
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php...
CVE-2025-36546
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...
CVE-2025-36546
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...
CVE-2023-36546
creationtimestamp | type | source
---|---|---
2023-08-08 16:14:18+00:00 | seen | https://t.me/cibsecurity/67984...
CVE-2023-36546
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2021-36546
creationtimestamp | type | source
---|---|---
2023-02-03 20:25:49+00:00 | seen | https://t.me/cibsecurity/57496
2025-03-26 16:25:16+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8884...
CVE-2021-36546
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL...
CVE-2021-36546
KiteCMS 1.1 is affected by an Incorrect Access Control issue that lets remote attackers view sensitive information by manipulating the path in the application URL. The vulnerability impacts confidentiality (C:H) with no listed impact on integrity or availability in the provided documents. The CVE...
CVE-2021-36546
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL...
CVE-2022-36546
creationtimestamp | type | source
---|---|---
2022-08-27 00:30:37+00:00 | seen | https://t.me/cibsecurity/48930...
CVE-2022-36546
Edoc-doctor-appointment-system v1.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /patient/settings.php endpoint. The issue allows potentially malicious requests to be performed on behalf of a logged-in user. CVSS 3.1 base score 8.8 (HIGH); attack vector Network, privileges ...
EMC ApplicationXtender (KeyWorks) ActiveX Control Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' class Metasploit3 'EMC...
EMC ApplicationXtender (KeyWorks) ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in the KeyWorks KeyHelp ActiveX Control KeyHelp.ocx 1.2.3120.0. This ActiveX Control comes bundled with EMC's Documentation ApplicationXtender 5.4. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2023-36546
CVE-2023-36546 appears with a Rejected reason in the initial document, indicating the ID was withdrawn and is not a security issue. Connected sources describe a concrete vulnerability in Winitor PEStudio (v9.52) involving a DLL hijacking flaw that can allow an attacker to execute arbitrary code b...