
95 matches found

Cvelist
added 2026/04/22 7:45 a.m., 23 views

CVE-2026-4088 Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...

6.4 CVSS, 0.00027 EPSS
Exploits: 0, References: 9

EUVD
added 2026/01/22 12:0 a.m., 3 views

EUVD-2026-4088

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK through 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...

5.8 AI score, 0.00074 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

MiracleLinux 4 : abrt-2.0.8-6.0.1.AXS4, btparser-0.16-3.AXS4, libreport-2.0.9-5.0.1.AXS4, python-meh-0.12.1-3.AXS4 (AXSA:2012-870:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-870:02 advisory. Description of problem: abrt: abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed b...

7.5 CVSS, 7.4 AI score, 0.00745 EPSS
Exploits: 1, References: 3

OSV
added 2025/04/29 2:15 p.m., 1 view

CVE-2025-4088

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox 1...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 3

AlpineLinux
added 2025/04/29 2:15 p.m., 1 view

CVE-2025-4088

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox 1...

6.5 CVSS, 6.7 AI score, 0.00116 EPSS
Exploits: 0, References: 3

NVD
added 2025/04/29 2:15 p.m., 12 views

CVE-2025-4088

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in...

6.5 CVSS, 0.00116 EPSS
Exploits: 0, References: 3

UbuntuCve
added 2025/04/29 2:15 p.m., 2 views

CVE-2025-4088

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in...

6.5 CVSS, 6.4 AI score, 0.00116 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2025/04/29 1:13 p.m., 6 views

CVE-2025-4088 Cross-site request forgery via storage access API redirects

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in...

6.3 AI score, 0.00116 EPSS
Exploits: 0, References: 3

CVE
added 2025/04/29 1:13 p.m., 65 views

CVE-2025-4088

CVE-2025-4088 describes a cross-origin CSRF issue in Thunderbird (and affected Firefox) where malicious sites could exploit redirects via the Storage Access API to send credentialed requests to arbitrary endpoints. Affected products: Firefox < 138 and Thunderbird

6.5 CVSS, 6.3 AI score, 0.00116 EPSS
Exploits: 0, References: 3, Affected Software: 2

OpenVAS
added 2024/11/29 12:0 a.m., 16 views

openSUSE Security Advisory (SUSE-SU-2024:4088-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6 CVSS, 6.7 AI score, 0.00033 EPSS
Exploits: 0, References: 4

NVD
added 2024/06/05 7:15 a.m., 12 views

CVE-2024-4088

The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with...

4.3 CVSS, 4.3 AI score, 0.00122 EPSS
Exploits: 0, References: 2

CVE
added 2024/06/05 6:50 a.m., 41 views

CVE-2024-4088

CVE-2024-4088 affects Gutenberg Blocks and Page Layouts – Attire Blocks for WordPress. The vulnerability arises from a missing capability check in the disable_fe_assets function (affecting all versions up to 1.9.2) which can allow authenticated attackers with subscriber access or higher to modify...

4.3 CVSS, 4.7 AI score, 0.00122 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/06/05 6:50 a.m., 9 views

CVE-2024-4088 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization

The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with...

4.3 CVSS, 6.6 AI score, 0.00122 EPSS
Exploits: 0, References: 2

Patchstack
added 2024/06/05 12:0 a.m., 10 views

WordPress Attire Blocks Plugin <= 1.9.2 is vulnerable to Broken Access Control

Software Attire Blocks Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4088 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 35f417924a63 Credits Benedictus Jovan aillesiM Requir...

4.3 CVSS, 6.6 AI score, 0.00122 EPSS
Exploits: 0, References: 3, Affected Software: 1

ICS
added 2023/09/26 6:0 a.m., 36 views

Mitsubishi Electric FA Engineering Software (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : FA Engineering Software Products Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to...

9.3 CVSS, 8.7 AI score, 0.00026 EPSS
Exploits: 0, References: 10

Circl
added 2023/09/20 7:29 a.m., 1 view

CVE-2023-4088

creationtimestamp | type | source
---|---|---
2023-09-20 07:29:56+00:00 | seen | https://t.me/cibsecurity/70757...

9.3 CVSS, 7.5 AI score, 0.00026 EPSS
Exploits: 0, References: 1

NVD
added 2023/09/20 3:15 a.m., 17 views

CVE-2023-4088

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the...

9.3 CVSS, 8.8 AI score, 0.00026 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2023/09/20 2:26 a.m., 11 views

CVE-2023-4088 Malicious Code Execution Vulnerability in FA Engineering Software Products

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the...

9.3 CVSS, 6.7 AI score, 0.00026 EPSS
Exploits: 0, References: 3

Cvelist
added 2023/09/20 2:26 a.m., 19 views

CVE-2023-4088 Malicious Code Execution Vulnerability in FA Engineering Software Products

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the...

9.3 CVSS, 9.4 AI score, 0.00026 EPSS
Exploits: 0, References: 3

CVE
added 2023/09/20 2:26 a.m., 67 views

CVE-2023-4088

CVE-2023-4088 describes an "Incorrect Default Permissions" flaw in Mitsubishi Electric FA Engineering Software products. The CISA advisory (ICS-CISA ICSA-23-269-03) lists multiple affected products (e.g., AL-PCS/WIN-E, GX Works2/3, GT Designer3, MELSOFT tools, Data Transfer, etc.) across all vers...

9.3 CVSS, 8.4 AI score, 0.00026 EPSS
Exploits: 0, References: 3, Affected Software: 1