CVE-2026-4043
A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...
CVE-2026-4043
CVE-2026-4043 describes a stack-based buffer overflow in the Tenda i12 firmware 1.0.0.6(2204), caused by the function formwrlSSIDget in the file /goform/wifiSSIDget. The issue can be triggered remotely and has been publicly disclosed, indicating exploitability. Affected component: WiFi SSID retr...
EUVD-2026-4043
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Directory: from n/a through <= 1.3.3...
CVE-2007-4043
file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files...
RockyLinux 8 : bluez (RLSA-2025:4043)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4043 advisory. BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability CVE-2023-27349 bluez: audio profile avrcp...
CVE-2022-4043
The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2021-4043
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0...
CVE-2012-4043
Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a...
CVE-2025-4043
An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot...
CVE-2025-4043 Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code
An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot...
CVE-2025-4043
CVE-2025-4043 affects Milesight UG65-868M-EA gateways (pre-60.0.0.46 firmware). An admin user can gain unauthorized write access to /etc/rc.local, which is executed at system boot, enabling persistence. Public documents describe risk as admin-command injection by a privileged user (CISA ICS advis...
CVE-2025-4043
creationtimestamp | type | source
---|---|---
2025-05-06 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-02
2025-05-07 21:25:58+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lomdj4swcov2
2025-05-08...
AlmaLinux 8 : bluez (ALSA-2025:4043)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:4043 advisory. BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability CVE-2023-27349 bluez: audio profile avrcp...
Oracle Linux 8 : bluez (ELSA-2025-4043)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4043 advisory. - Fixing CVE-2023-27349 - Fixing CVE-2023-51589 + bluez-5.63-4 - Fixing CVE-2023-50230 Tenable has extracted the preceding description block directly...
CVE-2007-4043
creationtimestamp | type | source
---|---|---
2025-04-03 14:35:01+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10218...
Linux Distros Unpatched Vulnerability : CVE-2014-4043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows...
Debian: Security Advisory (DLA-4043-1)
The remote host is missing an update for the Debian...
CVE-2020-4043
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...
CVE-2021-4043
creationtimestamp | type | source
---|---|---
2024-10-03 16:24:42+00:00 | exploited | https://t.me/thehackernews/5683
2024-10-24 20:07:01+00:00 | seen | MISP/0d44d6b6-688f-48df-96ea-affa6978302a
2024-11-07 18:13:00+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113443024377410814...
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking
Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated...