137 matches found

OSV
added 2026/05/15 1:47 p.m., 2 views

ECHO-90E4-02AE-4037

Bulletin has no description...

CVSS 4.3, AI score 5.7, EPSS 0.00037
Exploits 0, References 1

EUVD
added 2026/01/22 4:51 p.m., 3 views

EUVD-2026-4037

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion. This issue affects Listivo Core: from n/a through = 2.3.77...

AI score 5.5, EPSS 0.00222
Exploits 0, References 2

Tenable Nessus
added 2025/08/06 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-4037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system wi...

CVSS 7.8, AI score 6.8, EPSS 0.00047
Exploits 1, References 2

RedhatCVE
added 2025/05/22 9:48 a.m., 4 views

CVE-2011-4037

Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file...

CVSS 9.3, AI score 8.2, EPSS 0.06603
Exploits 0, References 1

Tenable Nessus
added 2025/05/14 12:0 a.m., 12 views

Alibaba Cloud Linux 3 : 0002: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0002)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0002 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-4037: A vulnerability was found i...

CVSS 8.8, AI score 4.9, EPSS 0.54873
Exploits 28, References 52

Circl
added 2025/04/28 9:11 p.m., 5 views

CVE-2025-4037

creationtimestamp | type | source
---|---|---
2025-04-28 21:11:08+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13744
2025-04-28 23:45:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5vdgft2t
2025-04-29 00:06:15+00:00 | seen | ...

CVSS 5.5, AI score 5.8, EPSS 0.00097
Exploits 1, References 3

Vulnrichment
added 2025/04/28 8:31 p.m., 13 views

CVE-2025-4037 code-projects ATM Banking moneyWithdraw logic error

A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and...

CVSS 4.8, AI score 4.8, EPSS 0.00097
Exploits 1, References 5

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2016-4037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) v...

CVSS 6, AI score 6.6, EPSS 0.00093
Exploits 0, References 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2015-4037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of...

CVSS 1.9, AI score 7.4, EPSS 0.00096
Exploits 0, References 2

Tenable Nessus
added 2025/03/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2010-4037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors. CVE-2010-4037 Note that...

CVSS 4.3, AI score 8.2, EPSS 0.00278
Exploits 0, References 2

Tenable Nessus
added 2025/02/25 12:0 a.m., 10 views

Siemens SIMATIC and SCALANCE Devices Linux Kernel Improper Access Control (CVE-2021-4037)

A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...

CVSS 7.8, AI score 6.4, EPSS 0.00047
Exploits 1, References 6

OpenVAS
added 2025/02/03 12:0 a.m., 4 views

Debian: Security Advisory (DLA-4037-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.8, AI score 7.1, EPSS 0.002
Exploits 0, References 2

OpenVAS
added 2024/11/20 12:0 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2024:4037-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7, EPSS 0.00261
Exploits 0, References 4

NVD
added 2024/05/24 9:15 a.m., 12 views

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This make...

CVSS 7.3, AI score 7.1, EPSS 0.00947
Exploits 0, References 4

Cvelist
added 2024/05/24 8:30 a.m., 19 views

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This make...

CVSS 6.5, AI score 7.1, EPSS 0.00947
Exploits 0, References 4

Vulnrichment
added 2024/05/24 8:30 a.m., 15 views

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This make...

CVSS 6.5, AI score 7.6, EPSS 0.00947
Exploits 0, References 4

CVE
added 2024/05/24 8:30 a.m., 47 views

CVE-2024-4037

CVE-2024-4037 affects the WordPress plugin WP Photo Album Plus (all versions up to 8.7.02.003). The issue is an unauthenticated shortcode-execution flaw where an action does not properly validate a value before running do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcod...

CVSS 7.3, AI score 7, EPSS 0.00947
Exploits 0, References 4, Affected Software 1

Patchstack
added 2024/05/24 12:0 a.m., 7 views

WordPress WP Photo Album Plus Plugin <= 8.7.00.003 is vulnerable to Content Injection

Software: WP Photo Album Plus; Type: Plugin; Vulnerable versions: <= 8.7.00.003; Fixed in: 8.7.00.004; OWASP Top 10: A3: Injection; Classification: Content Injection; CVE: CVE-2024-4037; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 2c20c334a973; Credits: stealthcopter; Required...

CVSS 7.3, AI score 6.8, EPSS 0.00947
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2024/01/02 12:0 a.m., 32 views

GitLab 0.0 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4037)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can le...

CVSS 8.5, AI score 7.7, EPSS 0.00526
Exploits 0, References 4

Tenable Nessus
added 2023/12/27 12:0 a.m., 42 views

NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2023-0107)

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system wi...

CVSS 7.8, AI score 6.8, EPSS 0.00075
Exploits 1, References 5