
91 matches found

RedhatCVE
added 2026/06/05 6:49 p.m. | 9 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

CVSS 4.3 | AI score 5.5 | EPSS 0.00277
Exploits: 0 | References: 1
Cvelist
added 2026/06/03 1:35 p.m. | 38 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

CVSS 4.1 | EPSS 0.00297
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/03 1:31 p.m. | 7 views

CVE-2024-47273

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

CVSS 4.3 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 1
EUVD
added 2026/06/03 1:31 p.m. | 10 views

EUVD-2024-55608

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

CVSS 4.3 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 1
CVE
added 2026/06/03 1:31 p.m. | 14 views

CVE-2024-47273

CVE-2024-47273 concerns Synology Hyper Backup’s Backup Task component. The vulnerability arises from an improper limitation of a pathname to a restricted directory (a path traversal issue) that, in versions prior to 4.1.2-4036, enables remote authenticated users to write specific files via unspec...

CVSS 4.3 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/06/03 12:0 a.m. | 18 views

PT-2026-45931

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors...

CVSS 4.3 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 2
Circl
added 2026/04/24 1:35 p.m. | 4 views

CVE-2026-4036

creationtimestamp | type | source
---|---|---
2026-04-24 13:35:11+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkanes5drn2e...

AI score 4.8
Exploits: 0 | References: 1
OSV
added 2025/11/04 7:15 a.m. | 4 views

CVE-2025-20740

In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435337; Issue ID: MSV-4036...

CVSS 4.7 | AI score 5.9 | EPSS 0.00086
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:40 a.m. | 9 views

CVE-2011-4036

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors...

CVSS 5 | AI score 7.1 | EPSS 0.01983
Exploits: 0 | References: 1
Circl
added 2025/04/28 8:11 p.m. | 15 views

CVE-2025-4036

creationtimestamp | type | source
---|---|---
2025-04-28 20:11:11+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13726
2025-04-28 23:45:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5vaqci2h
2025-04-29 00:06:28+00:00 | seen | ...

CVSS 9.8 | AI score 6.2 | EPSS 0.00416
Exploits: 1 | References: 3
Vulnrichment
added 2025/04/28 8:0 p.m. | 13 views

CVE-2025-4036 201206030 Novel Chapter AuthorController.java updateBookChapter access control

A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access...

CVSS 6.5 | AI score 6.4 | EPSS 0.00416
Exploits: 1 | References: 4
Cvelist
added 2025/04/28 8:0 p.m. | 28 views

CVE-2025-4036 201206030 Novel Chapter AuthorController.java updateBookChapter access control

A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access...

CVSS 6.5 | EPSS 0.00416
Exploits: 1 | References: 4
CVE
added 2025/04/28 8:0 p.m. | 66 views

CVE-2025-4036

CVE-2025-4036 affects Novel 201206030, version 3.5.0, specifically the updateBookChapter function in Chapter Handler (AuthorController.java). The root cause is improper access controls, enabling a remote attack. Public exploit disclosure is noted across multiple feeds. Some sources (e.g., PT-2025...

CVSS 9.8 | AI score 6.4 | EPSS 0.00416
Exploits: 1 | References: 4 | Affected Software: 1
Circl
added 2025/02/20 11:26 p.m. | 7 views

CVE-2024-4036

creationtimestamp | type | source
---|---|---
2025-02-20 23:26:57+00:00 | seen | Telegram/D4B5o6i6-OisYcFTXwafGGRmnHynmJym7IeLfdERABGoDH...

CVSS 6.4 | AI score 4.8 | EPSS 0.00602
Exploits: 0
OpenVAS
added 2024/11/21 12:0 a.m. | 8 views

openSUSE Security Advisory (SUSE-SU-2024:4036-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 7.1 | EPSS 0.08665
Exploits: 1 | References: 4
Tenable Nessus
added 2024/07/02 12:0 a.m. | 15 views

Rocky Linux 8 : thunderbird (RLSA-2024:4036)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4036 advisory. thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External...

CVSS 8.6 | AI score 7.5 | EPSS 0.0107
Exploits: 1 | References: 15
Tenable Nessus
added 2024/06/21 12:0 a.m. | 24 views

AlmaLinux 8 : thunderbird (ALSA-2024:4036)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4036 advisory. thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External...

CVSS 8.6 | AI score 7.4 | EPSS 0.0107
Exploits: 1 | References: 8
Tenable Nessus
added 2024/06/21 12:0 a.m. | 24 views

Oracle Linux 8 : thunderbird (ELSA-2024-4036)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-4036 advisory. 115.12.1-1.0.1 - Add Oracle prefs file 115.12.1 - Add OpenELA debranding 115.12.1-1 - Update to 115.12.1 build1 115.12.0-2 - Update to 115.12.0 build2...

CVSS 8.6 | AI score 7.4 | EPSS 0.0107
Exploits: 1 | References: 8
Tenable Nessus
added 2024/06/21 12:0 a.m. | 21 views

RHEL 8 : thunderbird (RHSA-2024:4036)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4036 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes:...

CVSS 8.6 | AI score 7.5 | EPSS 0.0107
Exploits: 1 | References: 16
Patchstack
added 2024/05/01 12:0 a.m. | 16 views

WordPress Sydney Toolbox Plugin <= 1.30 is vulnerable to Cross Site Scripting (XSS)

Software: Sydney Toolbox; Type: Plugin; Vulnerable versions: <= 1.30; Fixed in: 1.31; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4036; Patch priority: Low; CVSS severity: Low (6.5); PSID: 97f6b8b5f562; Credits: stealthcopter; Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00602
Exploits: 0 | References: 3 | Affected Software: 1