19 matches found
CVE-2026-41657
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only roledituser=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator requiring...
CVE-2026-41657
Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check (isAdministratorUsers, requiring only roledituser=true) than the frontend UI contacts.php, which correctly requires the stronger isAdministrator requiring...
CVE-2025-41657 AUMA: Incorrect delivery status of the Bluetooth configuration
Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker...
CVE-2025-41657
CVE-2025-41657 concerns an undocumented active Bluetooth stack that enables fingerprinting by an unauthenticated adjacent attacker. Connected sources tie this to AUMA PROFOX and AUMA AC1.2 (and related products) with affected delivery window 01-01-2024 to 09-05-2025. The underlying issue is the p...
CVE-2025-41657 AUMA: Incorrect delivery status of the Bluetooth configuration
Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker...
CVE-2023-41657
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions...
CVE-2022-41657
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately...
CVE-2024-41657
creationtimestamp | type | source
---|---|---
2024-08-20 23:49:43+00:00 | seen | https://t.me/cvedetector/3691...
CVE-2023-41657
creationtimestamp | type | source
---|---|---
2023-09-29 18:37:52+00:00 | seen | https://t.me/cibsecurity/71302...
CVE-2023-41657
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions...
CVE-2023-41657
CVE-2023-41657 describes an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Groundhogg HollerBox WordPress plugin, affecting versions
WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: HollerBox
Type: Plugin
Vulnerable versions: <= 2.3.2
Fixed in: 2.3.3
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-41657
Patch priority: Low
CVSS severity: Low (5.9)
PSID: 33a61ccd5728
Credits: Rio Darmawan
Required privile...
CVE-2022-41657
creationtimestamp | type | source
---|---|---
2022-10-31 23:13:21+00:00 | seen | https://t.me/cibsecurity/52316...
CVE-2022-41657
Delta Electronics InfraSuite Device Master (versions 00.00.01a and earlier) is affected by multiple CVEs describing an in-memory deserialization/vector issue in file operation APIs that can lead to arbitrary file creation and remote code execution. ZDI advisories for CtrlLayerNWCmd_FileOperation ...
CVE-2022-41657
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker-provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately...
Delta Electronics InfraSuite Device Master
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
Equipment: InfraSuite Device Master
Vulnerabilities: Deserialization of Untrusted Data, Path Traversal, Missing Authentication for Critical Function
2. UPDATE OR REPOSTED INFORMATION...
CVE-2021-41657
creationtimestamp | type | source
---|---|---
2022-03-10 20:22:53+00:00 | seen | https://t.me/cibsecurity/38692...
CVE-2021-41657
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack...
CVE-2021-41657
SmartBear CodeCollaborator v6.1.6102 contains a web UI vulnerability that enables clickjacking. The affected component is the CodeCollaborator web UI; the underlying issue is insecure handling of embedded frames that allows an attacker to render a hidden frame and trick an authenticated user i...