15 matches found
MAL-2025-37437 Malicious code in typopro-web-TypoPRO-Inconsolata (npm)
The package typopro-web-TypoPRO-Inconsolata was found to contain malicious code...
CVE-2024-37437
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor. This issue affects Elementor Website Builder: from n/a through <= 3.22.1...
CVE-2023-37437
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modif...
CVE-2024-37437
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elementor Elementor Website Builder elementor. This issue affects Elementor Website Builder: from n/a through <= 3.22.1...
CVE-2024-37437
CVE-2024-37437 affects Elementor Website Builder (WordPress plugin) up to version 3.22.1. Root cause: improper restriction of pathnames leading to a Path Traversal; impact includes arbitrary SVG download and potential Cross-Site Scripting (stored XSS) as indicated by multiple sources. Mitigation:...
CVE-2024-37437 WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting XSS, Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1...
WordPress Elementor Website Builder Plugin <= 3.22.1 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Website Builder; Type: Plugin; Vulnerable versions: <= 3.22.1; Fixed in: 3.22.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37437; Patch priority: Low; CVSS severity: Low (5.5); Developer: Elementor; PSID: a41c27164cdd; Credits: stealthcopter; Required privilege...
CVE-2023-37437
CVE-2023-37437 describes multiple SQL injection vulnerabilities in the web-based management interface of Aruba EdgeConnect SD-WAN Orchestrator. An authenticated remote attacker could exploit these flaws to read and modify data in the underlying database, potentially leading to exposure and corrup...
CVE-2023-37437 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
CVE-2023-37437 Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
Splunk Enterprise 9.0.0 < 9.0.1 (SVD-2022-0801)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2022-0801 advisory. - When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service S3 in Splunk Web, TLS...
CVE-2022-37437
creationtimestamp | type | source
---|---|---
2022-08-18 12:44:23+00:00 | exploited | https://t.me/truesecator/3306
2022-08-19 21:16:32+00:00 | seen | https://t.me/ctinow/59236...
CVE-2022-37437
Summary: CVE-2022-37437 affects Splunk Enterprise 9.0.0 when using Ingest Actions to configure an S3 destination via Splunk Web. The root cause is that TLS certificate validation is not correctly performed and tested for the destination, and this only impacts connections through Splunk Web with T...
CVE-2022-37437 Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service S3 in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions...
CAJViewer suffers from a memory corruption vulnerability (CNVD-2021-37437)
CAJviewer is a specialized full-text format reader for China Journal Network CJN, which supports TEB, NH, CAJ, KDH and PDF files of CJN. CAJViewer suffers from a memory corruption vulnerability. An attacker can exploit this vulnerability to cause the program to crash...