CVE-2026-42746

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...

CVE-2022-42746

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

EUVD-2025-42746

Malicious code in oktafian-gepuk60-riris npm...

CVE-2023-42746

In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2023-42746

creationtimestamp| type| source ---|---|--- 2023-12-23 08:38:42+00:00| seen| https://t.me/ctinow/158728...

CVE-2023-42746

In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2023-42746

In power manager, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2023-42746

CVE-2023-42746 is described as a local privilege-escalation due to a missing permission check in the power manager. The NVD entry notes local attack vector with low privileges required and no user interaction, and a high impact on confidentiality, integrity, and availability (CVSS 3.1 base score ...

CVE-2022-42746

creationtimestamp| type| source ---|---|--- 2022-11-03 23:26:08+00:00| seen| https://t.me/cibsecurity/52543...

CVE-2022-42746

CandidATS 3.0.0 has a cross-site scripting (XSS) vulnerability via the indexFile parameter of ajax.php. The Nuclei template and related sources describe that an attacker can inject arbitrary script into the victim’s browser, enabling cookie-based credential theft and potential session hijacking. ...