50 matches found
ExponentCMS <= 2.6 - Host Header Injection
An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM. id: CVE-2021-38751 info: name: ExponentCMS <= 2.6 - Host Header Injection author:...
CVE-2026-38751
creationtimestamp | type | source
---|---|---
2026-04-23 15:00:13+00:00 | published-proof-of-concept | Telegram/7RYD-KdzD7Ne0F0JHI5ZiA7kNScXDMi5uB6zWqPs3lSPss
2026-04-23 21:00:04+00:00 | published-proof-of-concept | Telegram/iDpciKSSZoAuKLzHCBxsxmN8Po66tQiLuLn1GSrxH7iP5o
2026-04-24 06:00:05+00:00|...
MAL-2025-38751 Malicious code in walnut-udon-6v91 (npm)
The package walnut-udon-6v91 was found to contain malicious code...
CVE-2024-20390
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could explo...
CVE-2023-38751
Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...
CVE-2022-38751 affecting package snakeyaml 1.25-2
CVE-2022-38751 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never applicable...
CVE-2024-38751
creationtimestamp | type | source
---|---|---
2025-01-02 12:19:53+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ler2qydsz72m
2025-01-02 18:23:30+00:00 | seen | https://infosec.exchange/users/cve/statuses/113760154895104139...
CVE-2024-38751 WordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP ads-for-wp allows Cross Site Request Forgery. This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through <= 1.9.28...
CVE-2024-38751 WordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP allows Cross Site Request Forgery. This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through 1.9.28...
CVE-2024-20390 Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could explo...
PT-2024-10398 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the Dedicated XML Agent feature could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This issue is...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...
Amazon Linux 2 : snakeyaml (ALAS-2024-2403)
The version of snakeyaml installed on the remote host is prior to 1.11-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2403 advisory. Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is runnin...
CVE-2023-38751
CVE-2023-38751 affects Special Interest Group Network for Analysis and Liaison’s Inter-SOC Cooperation API. The vulnerability is an improper authorization in the Information Provision function, enabling authorized API users to view the information receiver’s organization data that is marked as no...
JVN#83334799: Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) contains multiple vulnerabilities listed below. Improper Authorization in Information Provision function (CWE-285) - CVE-2023-38751...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
GLSA-202305-28 : snakeyaml: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-28 snakeyaml: Multiple Vulnerabilities - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 - Using snakeYAML to parse untrusted YAML...