73 matches found
CVE-2026-4038
creationtimestamp| type| source ---|---|--- 2026-03-20 04:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116259620635403207 2026-03-20 04:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mhhomldbhz22 2026-03-20 05:52:32+00:00| seen|...
MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.342.b07-1.el9 (AXSA:2022-4038:13)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4038:13 advisory. OpenJDK: integer truncation issue in Xalan-J JAXP, 8285407 CVE-2022-34169 OpenJDK: class compilation issue Hotspot, 8281859 CVE-2022-21540 OpenJDK:...
CVE-2025-20739
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435340; Issue ID: MSV-403...
EUVD-2020-4038
Malware in sbrugna...
Exploit for Improper Input Validation in Samsung Samsung_Mobile
PoC exploit for CVE-2016-4038, a 0day vulnerability in System Management Mode code execution for Lenovo ThinkPad model line. The exploit targets the SystemSmmRuntimeRt UEFI driver GUID: 7C79AC8C-5E6C-4E3D-BA6F-C260EE7C172E and allows arbitrary code execution in System Management Mode. The...
CVE-2011-4038
Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2025-4038
A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...
CVE-2025-4038
creationtimestamp| type| source ---|---|--- 2025-04-28 21:11:04+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13740 2025-04-28 23:45:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnvx5uqvbw2v 2025-04-29 00:06:15+00:00| seen|...
CVE-2025-4038
CVE-2025-4038 affects Code-Projects Train Ticket Reservation System 1.0. The vulnerability resides in the Reservation function of the Ticket Reservation component, where manipulating the Name argument causes a stack-based buffer overflow. Local attack is required, and public disclosure of the exp...
CVE-2025-4038 code-projects Train Ticket Reservation System reservation stack-based overflow
A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...
CVE-2025-4038 code-projects Train Ticket Reservation System reservation stack-based overflow
A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking...
CVE-2020-4038
GraphQL Playground graphql-playground-html NPM package before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Not...
Debian: Security Advisory (DLA-4038-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:4038-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-4038 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution
The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not proper...
CVE-2024-4038 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution
The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not proper...
CVE-2024-4038
The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro WordPress plugin is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to 5.3.1. The issue arises because the plugin executes do_shortcode on a value without proper validation, enabling attackers to ...
WordPress Back In Stock Notifier for WooCommerce Plugin <= 5.3.1 is vulnerable to Broken Access Control
Software Back In Stock Notifier for WooCommerce Type Plugin Vulnerable versions = 5.3.1 Fixed in 5.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4038 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e7c0572382c3 Credits...
curl: Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.
Vulnerability description not provided...
Security Bulletin: Risks of Using the Intelligent Platform Management Interface (IPMI) on the Integrated Management Module (IMM) and Integrated Management Module II (IMM2) (CVE-2013-4038, CVE-2013-4037, CVE-2013-4031)
Summary Various risks with the Intelligent Platform Management Interface IPMI have been identified and documented in the IT security community. Because the IMM and IMM2 provide IPMI access by default, a subset of these identified risks are applicable to IBM servers that include the IMM and IMM2...