CVE-2024-12346

A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.

This Cyber News was published on www.tenable.com. Publication date: Mon, 09 Dec 2024 15:11:02 +0000

Cyber News related to CVE-2024-12346

CISA Flags Critical TP-Link Router Flaws Exploited in the Wild (CVE-2025-12345, CVE-2025-12346) - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding critical vulnerabilities discovered in TP-Link routers, identified as CVE-2025-12345 and CVE-2025-12346. These flaws have been actively exploited by threat ...
2 months ago Thehackernews.com CVE-2025-12345 CVE-2025-12346

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
1 year ago Feeds.dzone.com

Apache Tomcat Security Vulnerabilities: What You Need to Know - Apache Tomcat, a widely used open-source web server and servlet container, has recently been the focus of several critical security vulnerability disclosures. These vulnerabilities pose significant risks to organizations relying on Tomcat for their ...
1 month ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-12346

CVE-2024-12346 - A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. ...
11 months ago Tenable.com

Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov

Android Security Alert: Google Patches Critical Vulnerabilities in Latest Update - Google has released a critical security update addressing multiple vulnerabilities in the Android operating system. These patches fix several high-severity flaws that could allow remote code execution and privilege escalation, potentially exploited ...
2 months ago Thehackernews.com CVE-2025-12345 CVE-2025-12346

Two New Supermicro BMC Bugs Allow Remote Code Execution, Root Access - In September 2025, two critical vulnerabilities were discovered in Supermicro's Baseboard Management Controller (BMC) firmware, exposing systems to remote code execution and root access. These security flaws, identified as CVE-2025-12345 and ...
2 months ago Thehackernews.com CVE-2025-12345 CVE-2025-12346

Two New Windows Zero-Days Exploited in the Wild, Microsoft Issues Emergency Patches - Microsoft has recently addressed two critical zero-day vulnerabilities actively exploited in the wild targeting Windows systems. These zero-days, identified as CVE-2025-12345 and CVE-2025-12346, allow attackers to execute arbitrary code and escalate ...
1 month ago Thehackernews.com CVE-2025-12345 CVE-2025-12346

CVE-2019-12346 - In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. ...
6 years ago

CVE-2017-12346 - Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM ...
1 year ago

CVE-2020-12346 - Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. ...
5 years ago

CVE-2025-12346 - A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the ...
1 month ago

Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
1 year ago Tenable.com

The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
1 year ago Securityboulevard.com

CVE-2024-9256 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9255 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9254 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9253 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9252 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9251 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9250 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9246 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com

CVE-2024-9243 - Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Doc objects, Annotation objects, or AcroForms, which attackers could exploit to execute remote ...
1 year ago Tenable.com