
14 matches found

EUVD
added 2025/11/04 6:19 a.m. | 6 views

EUVD-2025-37558

In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10127160; Issue ID: MSV-4542...

CVSS 4.2 | AI score 6.2 | EPSS 0.00078
Exploits: 0 | References: 2

Circl
added 2024/07/21 10:01 a.m. | 6 views

CVE-2024-37558

creationtimestamp | type | source
---|---|---
2024-07-21 10:01:33+00:00 | seen | https://t.me/cvedetector/1304...

CVSS 5.9 | AI score 4.8 | EPSS 0.00276
Exploits: 0 | References: 1

NVD
added 2024/07/21 7:15 a.m. | 24 views

CVE-2024-37558

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS. This issue affects WPFavicon: from n/a through 2.1.1...

CVSS 5.9 | EPSS 0.00276
Exploits: 0 | References: 1

CVE
added 2024/07/21 6:51 a.m. | 45 views

CVE-2024-37558

CVE-2024-37558 affects the WordPress plugin WPFavicon (Nazmul Hossain Nihal) with a stored XSS due to improper neutralization of input during web page generation. The vulnerability affects the plugin for versions up to and including 2.1.1 (no newer versions indicated in the provided documents). ...

CVSS 5.9 | AI score 5.7 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/07/21 6:51 a.m. | 26 views

CVE-2024-37558 WordPress WPFavicon plugin <= 2.1.1 - Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS. This issue affects WPFavicon: from n/a through 2.1.1...

CVSS 5.9 | EPSS 0.00276
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/21 6:51 a.m. | 19 views

CVE-2024-37558 WordPress WPFavicon plugin <= 2.1.1 - Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hossain Nihal WPFavicon allows Stored XSS. This issue affects WPFavicon: from n/a through 2.1.1...

CVSS 5.9 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 1

Patchstack
added 2024/07/06 12:00 a.m. | 13 views

WordPress WPFavicon Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WPFavicon
Type: Plugin
Vulnerable versions: <= 2.1.1
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-37558
Patch priority: Low
CVSS severity: Low (5.9)
PSID: f7589e2e3c1a
Credits: Cronus
Required privilege: Administrator...

CVSS 5.9 | AI score 7 | EPSS 0.00276
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2023/08/03 4:40 p.m. | 8 views

CVE-2023-37558

creationtimestamp | type | source
---|---|---
2023-08-03 16:40:11+00:00 | seen | https://t.me/cibsecurity/67670
2025-04-03 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
2025-04-03 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-...

CVSS 6.5 | AI score 6.3 | EPSS 0.00519
Exploits: 0 | References: 5

NVD
added 2023/08/03 12:15 p.m. | 15 views

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

CVSS 6.5 | AI score 6.4 | EPSS 0.00519
Exploits: 0 | References: 1

Prion
added 2023/08/03 12:15 p.m. | 17 views

Race condition

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

CVSS 4 | AI score 6.4 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 16

Cvelist
added 2023/08/03 11:06 a.m. | 21 views

CVE-2023-37558 CODESYS Improper Validation of Consistency within Input in multiple products

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

CVSS 6.5 | AI score 6.6 | EPSS 0.00519
Exploits: 0 | References: 1

CVE
added 2023/08/03 11:06 a.m. | 55 views

CVE-2023-37558

CVE-2023-37558 affects multiple Codesys products using the CODESYS Runtime System (RTS). After user authentication, specially crafted network requests with inconsistent content can cause the CmpAppForce component to read from an invalid address, potentially enabling a denial-of-service condition....

CVSS 6.5 | AI score 6.3 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 9

Circl
added 2021/08/03 8:28 p.m. | 5 views

CVE-2021-37558

creationtimestamp | type | source
---|---|---
2021-08-03 20:28:57+00:00 | seen | https://t.me/cibsecurity/26763...

CVSS 9.8 | AI score 8.7 | EPSS 0.02115
Exploits: 1 | References: 1

CVE
added 2021/08/03 3:37 p.m. | 52 views

CVE-2021-37558

Centreon SQL injection (CVE-2021-37558) affects Centreon before 20.04.14, 20.10.8, and 21.04.2. The issue resides in a MediaWiki script and allows remote unauthenticated attackers to execute arbitrary SQL commands via host_name and service_description when a Knowledge Base URL is configured to po...

CVSS 9.8 | AI score 9.9 | EPSS 0.02115
Exploits: 1 | References: 2 | Affected Software: 1