16 matches found
CVE-2026-45008
phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-45008)
Input: missing limit on max slots results in too large allocation at input_mt_init_slots(). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2022-45008
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name...
Linux Distros Unpatched Vulnerability : CVE-2024-45008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input: MT - limit max slots. syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since...
Unbreakable Enterprise kernel security update
[4.1.12-124.92.3] - memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070674] {CVE-2024-45021} - ocfs2: fix races between hole punching and AIO+DIO (Su Yue) [Orabug: 36835819] {CVE-2024-40943} [4.1.12-124.92.2] - fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:3559-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3559-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following securi...
BELL-CVE-2024-45008
Bulletin has no description...
CVE-2024-45008
creationtimestamp| type| source
---|---|---
2024-09-04 22:47:15+00:00| seen| https://t.me/cvedetector/4851
2025-08-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
...
CVE-2024-45008 Input: MT - limit max slots
In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots. syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024...
CVE-2023-45008
creationtimestamp| type| source
---|---|---
2023-10-18 12:43:45+00:00| seen| https://t.me/cibsecurity/72489
...
CVE-2023-45008
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions...
CVE-2023-45008
CVE-2023-45008 affects the WPJohnny Comment Reply Email plugin for WordPress (versions ≤ 1.0.3). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) flaw arising from insufficient input validation/escaping in the plugin, enabling an admin or higher-privileged user to ...
WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Software: Comment Reply Email | Type: Plugin | Vulnerable versions: <= 1.0.3 | Fixed in: 1.0.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-45008 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: fa87fe52845c | Credits: Yebin Lee | Required privilege...
CVE-2022-45008
Online Leave Management System v1.0 contains a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. The flaw allows an attacker to run arbitrary web scripts or HTML by injecting a payload into the Name field under the Create New module...
CVE-2021-45008
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
CVE-2021-45008
CVE-2021-45008 affects Plesk CMS 18.0.37 with an insecure permissions vulnerability that enables privilege escalation from user to admin. The vendor notes this is site-specific to certain Plesk user websites. Public sources provided do not detail root cause specifics beyond access-control weaknes...