19 matches found
MAL-2025-37421 Malicious code in typopro-web-TypoPRO-Bitter (npm)
The package typopro-web-TypoPRO-Bitter was found to contain malicious code...
CVE-2023-37421
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...
CVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass...
CVE-2024-37421
creationtimestamp | type | source
---|---|---
2025-01-02 12:18:50+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2p4pppy25
2025-01-02 16:53:21+00:00 | seen | https://infosec.exchange/users/cve/statuses/113759800570971756...
CVE-2024-37421
Cross-Site Request Forgery (CSRF) vulnerability in raratheme JobScout jobscout allows Cross Site Request Forgery. This issue affects JobScout: from n/a through <= 1.1.4...
CVE-2024-37421
CVE-2024-37421 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress theme/plugin JobScout (Rara Theme JobScout). Affected: JobScout versions from n/a through 1.1.4. Root cause: CSRF flaw enabling unauthorized actions. Exploitation details are not provided in the supplied document...
CVE-2024-37421 WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in raratheme JobScout jobscout allows Cross Site Request Forgery. This issue affects JobScout: from n/a through <= 1.1.4...
WordPress JobScout Theme <= 1.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JobScout | Type: Theme | Vulnerable versions: <= 1.1.4 | Fixed in: 1.1.5 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-37421 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: d35624200875 | Credits: Dhabaleshwar Das | Required...
CVE-2023-37421
creationtimestamp | type | source
---|---|---
2023-08-22 22:18:18+00:00 | seen | https://t.me/cibsecurity/68971...
CVE-2023-37421
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute...
CVE-2023-37421
CVE-2023-37421 affects Aruba Networks EdgeConnect SD-WAN Orchestrator (web-based management interface). The vulnerability is an authenticated stored cross-site scripting (XSS) flaw that could allow an attacker with access to the administrative interface to inject script code executed in the victi...
CVE-2022-37421
creationtimestamp | type | source
---|---|---
2022-11-23 07:13:34+00:00 | seen | https://t.me/cibsecurity/53389...
CVE-2022-37421
Silverstripe silverstripe/cms through 4.11.0 allows XSS...
CVE-2022-37421
Silverstripe silverstripe/cms through 4.11.0 allows XSS...
CVE-2022-37421
Silverstripe CMS
CVE-2021-37421
creationtimestamp | type | source
---|---|---
2021-08-30 22:38:43+00:00 | seen | https://t.me/cibsecurity/28042
2021-09-10 18:38:03+00:00 | exploited | https://t.me/truesecator/2092...
CVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass...
CVE-2021-37421
CVE-2021-37421 affects Zoho ManageEngine ADSelfService Plus 6103 and earlier, with an access-control bypass on the admin portal (bypass via headers such as X-Forwarded-For). Public sources in connected docs confirm the vulnerability exists and that an update/patch was released (6104 and earlier u...
CVE-2021-37421
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass...