166 matches found
IBM BigFix Platform - Information Disclosure
IBM BigFix Platform 9.2 and 9.5 contain an information disclosure vulnerability caused by authenticated access not being enabled on the relay, which lets remote attackers query and gather update and fixlet information. Exploitation requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...
CVE-2026-4061
creationtimestamp | type | source
---|---|---
2026-05-05 23:33:05+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3ml5dw2bfnu2a...
EUVD-2026-4061
Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Scroller: from n/a through <= 2.0.2...
IBM BigFix Platform 9.2 Information Disclosure
IBM BigFix Platform version 9.2 information gathering proof of concept exploit. | Title : IBM BigFix Platform 9.2 gather information Vulnerability | | Auth...
CVE-2023-4061
creationtimestamp | type | source
---|---|---
2025-10-23 22:46:29+00:00 | seen | Telegram/wJZIHXyulUhCfnzcUxi78Bls5nv2Nd02KaD6sbZdH2jehI...
CVE-2024-4061
The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2022-4061
The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP...
CVE-2025-4061
A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has bee...
CVE-2025-4061 code-projects Clothing Store Management System add_item stack-based overflow
A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has bee...
Debian: Security Advisory (DLA-4061-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IBM BigFix Relay Server Sites and Package Enum
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM BigFix Relay Server Sites and Package Enum', 'Description' = %q This module retrieves masthead, site, and available package information from...
CVE-2024-4061
creationtimestamp | type | source
---|---|---
2024-05-24 07:56:57+00:00 | published-proof-of-concept | https://t.me/openSource3/133
2025-03-28 23:29:15+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9497...
CVE-2024-4061 Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings
The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2024-4061
CVE-2024-4061 affects the Survey Maker WordPress plugin prior to 4.2.9. It fails to sanitize/escape certain plugin settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. A fix is available in 4.2.9+; upgrading is recommended. If upgrading isn...
com.bertoncelj.wildflysingletonservice:wildfly-singleton-service (=1.0.1), com.github.jamesnetherton:wildfly-liquibase-testextension (>=0.7.0 <=2.2.0) +364 more potentially affected by CVE-2023-4061 via org.wildfly.core:wildfly-controller (>=10.0.0.Beta1 <=22.0.0.Beta3)
org.wildfly.core:wildfly-controller MAVEN version =10.0.0.Beta1, =0.7.0, =8.0.0.Final, =0.4.0, =0.4.0, =0.4.0, =2.6.0.Final, =2.6.0.Final, =2.6.0.Final, =1.9.0, =2.6.0.Final, =1.8.1, =1.8.1, =1.8.1, =2.7.0 and more Source cves: CVE-2023-4061 Source advisory: OSV:GHSA-26QX-4M49-6CFR...
CVE-2023-4061
CVE-2023-4061 concerns WildFly Core. Affected component: the HAL Interface in WildFly Core, where a management user could use resolve-expression to read possible sensitive information from the system, enabling exposure of system properties to an unauthorized actor. The vulnerability is mitigated ...
CVE-2023-4061 Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...