
73 matches found

Circl
added 2026/03/20 4:30 a.m. | 2 views

CVE-2026-4038

creationtimestamp | type | source
---|---|---
2026-03-20 04:30:28+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116259620635403207
2026-03-20 04:30:30+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mhhomldbhz22
2026-03-20 05:52:32+00:00 | seen | ...

CVSS 9.8 | AI score 5.3 | EPSS 0.003
Exploits 0 | References 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.342.b07-1.el9 (AXSA:2022-4038:13)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4038:13 advisory. OpenJDK: integer truncation issue in Xalan-J JAXP, 8285407 CVE-2022-34169 OpenJDK: class compilation issue Hotspot, 8281859 CVE-2022-21540 OpenJDK:...

CVSS 7.5 | AI score 8.4 | EPSS 0.17673
Exploits 2 | References 4

Vulnrichment
added 2025/11/04 6:20 a.m. | 7 views

CVE-2025-20739

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435340; Issue ID: MSV-403...

AI score 6.3 | EPSS 0.0013
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-4038

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00685
Exploits 0 | References 3

Gitee
added 2025/07/27 3:59 a.m. | 103 views

Exploit for Improper Input Validation in Samsung Samsung_Mobile

PoC exploit for CVE-2016-4038, a 0day vulnerability in System Management Mode code execution for Lenovo ThinkPad model line. The exploit targets the SystemSmmRuntimeRt UEFI driver GUID: 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E and allows arbitrary code execution in System Management Mode. The...

CVSS 7.8 | AI score 7.9 | EPSS 0.00352
Exploits 1

RedhatCVE
added 2025/05/22 9:49 a.m. | 7 views

CVE-2011-4038

Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

CVSS 4.3 | AI score 6 | EPSS 0.01397
Exploits 0 | References 1

RedhatCVE
added 2025/04/30 9:16 p.m. | 18 views

CVE-2025-4038

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...

CVSS 5.5 | AI score 7.1 | EPSS 0.0026
Exploits 1 | References 1

Circl
added 2025/04/28 9:11 p.m. | 7 views

CVE-2025-4038

creationtimestamp | type | source
---|---|---
2025-04-28 21:11:04+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13740
2025-04-28 23:45:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5uqvbw2v
2025-04-29 00:06:15+00:00 | seen | ...

CVSS 5.5 | AI score 6 | EPSS 0.0026
Exploits 1 | References 3

CVE
added 2025/04/28 9:0 p.m. | 79 views

CVE-2025-4038

CVE-2025-4038 affects Code-Projects Train Ticket Reservation System 1.0. The vulnerability resides in the Reservation function of the Ticket Reservation component, where manipulating the Name argument causes a stack-based buffer overflow. Local attack is required, and public disclosure of the exp...

CVSS 5.5 | AI score 5.4 | EPSS 0.0026
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2025/04/28 9:0 p.m. | 18 views

CVE-2025-4038 code-projects Train Ticket Reservation System reservation stack-based overflow

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...

CVSS 5.3 | AI score 5.5 | EPSS 0.0026
Exploits 1 | References 5

Cvelist
added 2025/04/28 9:0 p.m. | 18 views

CVE-2025-4038 code-projects Train Ticket Reservation System reservation stack-based overflow

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...

CVSS 5.3 | EPSS 0.0026
Exploits 1 | References 5

RedhatCVE
added 2025/02/05 1:59 p.m. | 15 views

CVE-2020-4038

GraphQL Playground graphql-playground-html NPM package before version 1.6.22 has a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...

CVSS 7.4 | AI score 5.8 | EPSS 0.07243
Exploits 1

OpenVAS
added 2025/02/03 12:0 a.m. | 11 views

Debian: Security Advisory (DLA-4038-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.4 | AI score 6.9 | EPSS 0.01692
Exploits 7 | References 2

OpenVAS
added 2024/11/20 12:0 a.m. | 25 views

SUSE: Security Advisory (SUSE-SU-2024:4038-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.7 | EPSS 0.00879
Exploits 2 | References 17

Vulnrichment
added 2024/05/09 8:3 p.m. | 12 views

CVE-2024-4038 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution

The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not proper...

CVSS 6.5 | AI score 7.6 | EPSS 0.00491
Exploits 0 | References 2

Cvelist
added 2024/05/09 8:3 p.m. | 19 views

CVE-2024-4038 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution

The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not proper...

CVSS 6.5 | AI score 7.2 | EPSS 0.00491
Exploits 0 | References 2

CVE
added 2024/05/09 8:3 p.m. | 57 views

CVE-2024-4038

The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro WordPress plugin is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to 5.3.1. The issue arises because the plugin executes do_shortcode on a value without proper validation, enabling attackers to ...

CVSS 6.5 | AI score 7.5 | EPSS 0.00491
Exploits 0 | References 2

Patchstack
added 2024/05/08 12:0 a.m. | 9 views

WordPress Back In Stock Notifier for WooCommerce Plugin <= 5.3.1 is vulnerable to Broken Access Control

Software: Back In Stock Notifier for WooCommerce; Type: Plugin; Vulnerable versions: = 5.3.1; Fixed in: 5.3.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4038; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: e7c0572382c3; Credits...

CVSS 6.5 | AI score 6.5 | EPSS 0.00491
Exploits 0 | References 3 | Affected Software 1

Hacker One
added 2024/05/07 3:11 p.m. | 112 views

curl: Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.

Vulnerability description not provided...

CVSS 8.1 | AI score 6.6 | EPSS 0.20459
Exploits 4

IBM Security Bulletins
added 2023/04/18 6:22 p.m. | 21 views

Security Bulletin: Risks of Using the Intelligent Platform Management Interface (IPMI) on the Integrated Management Module (IMM) and Integrated Management Module II (IMM2) (CVE-2013-4038, CVE-2013-4037, CVE-2013-4031)

Summary: Various risks with the Intelligent Platform Management Interface (IPMI) have been identified and documented in the IT security community. Because the IMM and IMM2 provide IPMI access by default, a subset of these identified risks are applicable to IBM servers that include the IMM and IMM2...

CVSS 10 | AI score 5.8 | EPSS 0.02044
Exploits 0