16 matches found
CVE-2026-40595
creationtimestamp| type| source
---|---|---
2026-04-30 19:46:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mkqevntsov2r
2026-04-30 21:51:53+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mkqlwhmhop2f...
CVE-2024-40595
An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 and LTS before 7.0.5.1 allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol informatio...
SonicWall SMA 1000 Series < 12.4.3-02963 SSRF (SNWLID-2025-0010)
The remote host is a SonicWall SMA 1000 Series device that may be affected by a server-side request forgery (SSRF) vulnerability. An SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cau...
CVE-2025-40595
creationtimestamp| type| source
---|---|---
2025-05-14 17:32:25+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16353
2025-05-14 17:37:40+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114507399804928019
2025-05-16 03:17:34+00:00| seen|...
CVE-2025-40595
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...
CVE-2025-40595
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...
SonicWall SMA1000 Encoded URL SSRF Vulnerability
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location. IMPORTANT: SonicWall PSIRT strongly advises...
CVE-2024-40595
creationtimestamp| type| source
---|---|---
2024-10-24 09:17:31+00:00| seen| https://t.me/cvedetector/8775...
CVE-2023-40595 Remote Code Execution via Serialized Session Payload
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code...
CVE-2023-40595
CVE-2023-40595 affects Splunk Enterprise prior to 8.2.12, 9.0.6, and 9.1.1. The issue arises from a deserialization flaw in the Splunk Web interface that allows an attacker to send a specially crafted query to serialize untrusted data, enabling arbitrary code execution. Exploitation details in co...
Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0804)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0804 advisory. - In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that the...
CVE-2021-40595
creationtimestamp| type| source
---|---|---
2022-01-21 22:13:36+00:00| seen| https://t.me/cibsecurity/36047...
CVE-2021-40595
Affected software: SourceCodester Online Leave Management System v1. The CVE-2021-40595 issue is a SQL injection in the login flow: the username parameter sent to /leave_system/classes/Login.php can be used to execute arbitrary SQL commands. Root cause described as insufficient filtering/escaping...
Xitami 2.5c2 Web Server If-Modified-Since Overflow
No description provided by source. $Id: xitamiifmodsince.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
Xitami 2.5c2 Web Server If-Modified-Since Overflow
This module exploits a stack buffer overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. Th...
CVE-2022-40595
CVE-2022-40595 is a rejected entry and not used per the initial description.