14 matches found
EUVD-2025-37558
In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542...
CVE-2024-37558
creationtimestamp| type| source ---|---|--- 2024-07-21 10:01:33+00:00| seen| https://t.me/cvedetector/1304...
CVE-2024-37558
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1...
CVE-2024-37558
CVE-2024-37558 affects the WordPress plugin WPFavicon (Nazmul Hossain Nihal) with an stored XSS due to improper neutralization of input during web page generation. The vulnerability affects the plugin for versions up to and including 2.1.1 (no newer versions indicated in the provided documents). ...
CVE-2024-37558 WordPress WPFavicon plugin <= 2.1.1 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1...
CVE-2024-37558 WordPress WPFavicon plugin <= 2.1.1 - Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS.This issue affects WPFavicon: from n/a through 2.1.1...
WordPress WPFavicon Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WPFavicon Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-37558 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f7589e2e3c1a Credits Cronus Required privilege Administrator...
CVE-2023-37558
creationtimestamp| type| source ---|---|--- 2023-08-03 16:40:11+00:00| seen| https://t.me/cibsecurity/67670 2025-04-03 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04 2025-04-03 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-...
CVE-2023-37558
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...
Race condition
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...
CVE-2023-37558 CODESYS Improper Validation of Consistency within Input in multiple products
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...
CVE-2023-37558
CVE-2023-37558 affects multiple Codesys products using the CODESYS Runtime System (RTS). After user authentication, specially crafted network requests with inconsistent content can cause the CmpAppForce component to read from an invalid address, potentially enabling a denial-of-service condition....
CVE-2021-37558
creationtimestamp| type| source ---|---|--- 2021-08-03 20:28:57+00:00| seen| https://t.me/cibsecurity/26763...
CVE-2021-37558
Centreon SQL injection (CVE-2021-37558) affects Centreon before 20.04.14, 20.10.8, and 21.04.2. The issue resides in a MediaWiki script and allows remote unauthenticated attackers to execute arbitrary SQL commands via host_name and service_description when a Knowledge Base URL is configured to po...