11 matches found
MAL-2025-37418 Malicious code in typopro-web-TypoPRO-Asap (npm)
The package typopro-web-TypoPRO-Asap was found to contain malicious code...
CVE-2024-37418
creationtimestamp| type| source ---|---|--- 2024-07-09 13:56:02+00:00| seen| https://t.me/cvedetector/318...
CVE-2024-37418
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6...
CVE-2024-37418
CVE-2024-37418 is an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Church Admin (affected up to 4.4.6). The issue allows uploading a web shell to the web server and is rated critical (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H; base score 9.9). Public sources in the c...
CVE-2024-37418 WordPress Church Admin plugin <= 4.4.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.4.6...
WordPress Church Admin Plugin <= 4.4.6 is vulnerable to Arbitrary File Upload
Software Church Admin Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-37418 Patch priority High CVSS severity High 9.9 Developer Andy Moyle PSID 3fae9e77c92b Credits Peng Zhou Required privilege Subscriber Publish...
CVE-2023-37418
CVE-2023-37418 affects GTKWave, with multiple out-of-bounds write vulnerabilities in the VCD parse_valuechange portdump functionality (and related vcd2vzt conversion). A specially crafted VCD file can lead to arbitrary code execution when opened, per the initial entry and corroborating Debian/Fed...
CVE-2022-37418
creationtimestamp| type| source ---|---|--- 2022-08-24 12:22:28+00:00| seen| https://t.me/cibsecurity/48634 2025-08-15 15:00:06+00:00| published-proof-of-concept| Telegram/Olq0FhY4DAGM0IoqeGbjJtXzvAunOMRob1gJEPg1rMPHws...
CVE-2022-37418
The CVE-2022-37418 issue concerns the Remote Keyless Entry (RKE) receiving unit used in Nissan, Kia, and Hyundai vehicles through 2017. The vulnerability arises when an attacker captures two consecutive valid key fob signals over the radio, enabling a RollBack replay attack that allows the attack...
CVE-2021-37418
CVE-2021-37418 is a duplicate/reserved entry for CVE-2021-31874. Connected sources confirm the underlying issue affects Zoho ManageEngine ADSelfService Plus prior to 6104, where, in rare situations, an information disclosure vulnerability could allow an attacker to obtain sensitive information fr...
CVE-2021-37418
...