89 matches found
ECHO-4358-8DA1-DCB5
Bulletin has no description...
CVE-2026-4358
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...
MongoDB 7.0.x < 7.0.31 / 8.0.x < 8.0.20 / 8.2.x < 8.2.6 / 8.3.0-rc0 Double Free (SERVER-118849)
The version of MongoDB installed on the remote host is 7.0 prior to 7.0.31, 8.0 prior to 8.0.20, 8.2 prior to 8.2.6, and 8.3.0-rc0. It is, therefore, affected by a vulnerability as referenced in the SERVER-118849 advisory. - A specially crafted aggregation query with $lookup by an authenticated...
Linux Distros Unpatched Vulnerability : CVE-2026-4358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the...
UBUNTU-CVE-2026-4358
A specially crafted aggregation query with $lookup by an authenticated user with write privileges can cause a double-free or use-after-free memory issue in the slot-based execution SBE engine when an in-memory hash table is spilled to disk...
EUVD-2012-4302
Malware in sbrugna...
CVE-2022-4358
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2025-4358
creationtimestamp| type| source ---|---|--- 2025-05-06 18:39:54+00:00| exploited| https://t.me/cvedetector/24618 2025-05-15 07:33:25+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16456...
CVE-2025-4358 PHPGurukul Company Visitor Management System admin-profile.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument adminname/mobilenumber leads to sql injection. It is possible to launch the attack remotely...
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
Exploit Title: Progress Telerik Report Server 2024 Q1 10.0.24.305 - Authentication Bypass Fofa Dork: title="Telerik Report Server" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-4358 Vendor Homepage: https://www.telerik.com/report-server Software...
Telerik Report Server Auth Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telerik Report Server Auth Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in Telerik Report Server...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
PoC exploit for CVE-2024-4358 and CVE-2024-1800, a deserializati...
Telerik Report Server Auth Bypass and Deserialization RCE
This module chains an authentication bypass vulnerability CVE-2024-4358 with a deserialization vulnerability CVE-2024-1800 to obtain remote code execution against Telerik Report Server version 10.0.24.130 and prior. The authentication bypass flaw allows an unauthenticated user to create a new use...
Telerik Report Server Authentication Bypass / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Telerik Report Server Auth Bypass and Deserialization RCE', 'Description' = %q This module chains an authentication bypass...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
This is a PoC exploit for CVE-2024-4358, an authentication bypas...
CGA-928J-4358-26F4
Bulletin has no description...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
CVE-2024-4358MassExploit Modified tools from @sinsinology to...
Progress Telerik Report Server Authentication Bypass (CVE-2024-4358) (Direct Check)
Binary data telerikreportservercve-2024-4358.nbin...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
CVE-2024-4358 / CVE-2024-1800 Telerik Report Server deserializ...
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8...