41 matches found

NVD
added 2026/05/23 2:16 p.m., 8 views

CVE-2026-9303

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

CVSS 5.3, EPSS 0.00019
Exploits 0, References 6

Cvelist
added 2026/05/23 1:30 p.m., 8 views

CVE-2026-9303 calcom cal.diy cross-site request forgery

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

CVSS 5.3, EPSS 0.00019
Exploits 0, References 6

ATTACKERKB
added 2026/04/08 8:30 a.m., 2 views

CVE-2026-39482

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS. This issue affects Post Expirator: from n/a through <= 4.9.4...

AI score 5.9, EPSS 0.00039
Exploits 0, References 2

Cvelist
added 2026/04/08 8:30 a.m., 17 views

CVE-2026-39482 WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS. This issue affects Post Expirator: from n/a through <= 4.9.4...

CVSS 6.5, EPSS 0.00039
Exploits 0, References 1

Positive Technologies
added 2026/04/08 12:00 a.m., 2 views

PT-2026-31121

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS. This issue affects Post Expirator: from n/a through <= 4.9.4...

AI score 5.9, EPSS 0.00039
Exploits 0, References 3

Tenable Nessus
added 2026/01/20 12:00 a.m., 2 views

MiracleLinux 9 : podman-4.9.4-5.el9_4 (AXSA:2024-8550:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8550:06 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394). Tenable has extracted the preceding description block directly...

CVSS 7.5, AI score 5.7, EPSS 0.01379
Exploits 0, References 2

Tenable Nessus
added 2026/01/16 12:00 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001235)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001235 advisory. The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of servi...

CVSS 6.6, AI score 7.4, EPSS 0.00112
Exploits 0, References 8

Patchstack
added 2026/01/11 6:26 a.m., 3 views

WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Post Expirator versions <= 4.9.3...

CVSS 4.3, AI score 7, EPSS 0.00046
Exploits 0, Affected Software 1

RedhatCVE
added 2026/01/09 12:40 p.m., 7 views

CVE-2023-43986

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken...

CVSS 9.8, AI score 8.3, EPSS 0.00138
Exploits 0, References 1

RedhatCVE
added 2026/01/09 9:28 a.m., 9 views

CVE-2023-49798

OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are...

CVSS 7.5, AI score 6.8, EPSS 0.00492
Exploits 0, References 1

Patchstack
added 2026/01/08 10:33 p.m., 3 views

WordPress Post Expirator plugin <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability

Missing Authorization to Authenticated (Contributor+) Workflow Manipulation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Post Expirator versions <= 4.9.3...

CVSS 5.4, AI score 6.9, EPSS 0.00021
Exploits 0, References 1, Affected Software 1

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-3124

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00492
Exploits 0, References 5

Tenable Nessus
added 2025/08/27 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-13574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly...

CVSS 7.8, AI score 7.6, EPSS 0.29121
Exploits 1, References 2

Vulnrichment
added 2025/06/20 3:03 p.m., 2 views

CVE-2025-52795 WordPress WP Front User Submit / Front Editor plugin <= 4.9.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4...

CVSS 7.1, AI score 6.9, EPSS 0.00077
Exploits 0, References 1

Cvelist
added 2025/06/20 3:03 p.m., 9 views

CVE-2025-52795 WordPress WP Front User Submit / Front Editor plugin <= 5.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through <= 5.0.6...

CVSS 7.1, EPSS 0.00077
Exploits 0, References 1

CNNVD
added 2025/06/20 12:00 a.m., 1 view

WordPress plugin WP Front User Submit / Front Editor cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

CVSS 7.1, AI score 6.5, EPSS 0.00077
Exploits 0, References 1

Patchstack
added 2025/06/05 12:10 a.m., 6 views

WordPress Verge3D plugin <= 4.9.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Mika in WordPress Plugin Verge3D versions <= 4.9.4...

CVSS 5.3, AI score 6.7, EPSS 0.0023
Exploits 0, Affected Software 1

RedhatCVE
added 2025/05/22 8:37 p.m., 0 views

CVE-2021-35522

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets...

CVSS 9.8, AI score 7.3, EPSS 0.04097
Exploits 0, References 1

CNNVD
added 2025/01/10 12:00 a.m., 1 view

Hasleo Backup Suite Free security vulnerability

Hasleo Backup Suite Free EasyUEFI Backup Suite Free is a completely free Windows backup software from Hasleo. A security vulnerability exists in Hasleo Backup Suite Free v4.9.4 and earlier versions, which stems from the vulnerability to unsecured privileges through the file recovery feature...

CVSS 4.7, AI score 6.7, EPSS 0.01609
Exploits 0, References 2

Positive Technologies
added 2024/11/01 12:00 a.m., 3 views

PT-2024-28588

Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Vouchers versions 4.9.4 and earlier. Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables attackers to bypass capability...

CVSS 9.8, AI score 5.9, EPSS 0.00297
Exploits 0, References 5