EUVD-2026-4089

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a through = 3.0.7...

CVE-2022-4089

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2021-4089

snipe-it is vulnerable to Improper Access Control...

CVE-2025-4089

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

CVE-2025-4089

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

CVE-2025-4089

CVE-2025-4089 is a vulnerability in Mozilla Firefox and Thunderbird related to insufficient escaping in the copy as cURL feature. The impact is local code execution on the user’s system if an attacker lures the user to run a crafted command. Affected software is Firefox and Thunderbird before 138...

Debian: Security Advisory (DLA-4089-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2024:4089-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-4089

creationtimestamp| type| source ---|---|--- 2024-10-11 18:42:47+00:00| seen| https://t.me/cvedetector/7700...

WAGO PFC200 Series Externally Controlled Reference to a Resource in Another Sphere (CVE-2023-4089)

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. This plugin only works with Tenable.ot. Please visit...

CVE-2023-4089

CVE-2023-4089 affects multiple WAGO devices (e.g., PFC200, PFC100, CC100, Edge Controller, and related Touch Panels) with an externally controlled reference to a resource in another sphere. The vulnerability enables a remote attacker with administrative privileges to access files they already cou...

CVE-2023-4089 WAGO: Multiple products vulnerable to local file inclusion

On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected...

CVE-2022-4089

creationtimestamp| type| source ---|---|--- 2022-11-24 12:24:53+00:00| seen| https://t.me/cibsecurity/53469...

CVE-2022-4089

The CVE-2022-4089 entry concerns the Rickxy Stock Management System. Affected component: the login processing page /pages/processlogin.php. Root cause: manipulation of the user argument enables cross-site scripting. Impact: results in client-side script execution, with exploitation possible remot...

CVE-2022-4089 rickxy Stock Management System processlogin.php cross site scripting

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2021-4089

creationtimestamp| type| source ---|---|--- 2021-12-10 22:25:17+00:00| seen| https://t.me/cibsecurity/33758...

CVE-2021-4089

snipe-it is vulnerable to Improper Access Control...

CVE-2021-4089

Snipe-IT is affected by an Improper Access Control vulnerability (CVE-2021-4089) affecting versions prior to 5.3.4. The issue arises because regular users with DENY to all models permissions can still view model data via the /models/{id}/clone endpoint due to missing authorize('view') checks. Imp...

RHEL 8 : java-1.8.0-ibm (RHSA-2021:4089)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4089 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

CVE-2020-4089

CVE-2020-4089 affects HCL Notes (versions 9, 10, and 11). The vulnerability is an information leakage via the product’s support for the mailto protocol, which could cause files from the user’s filesystem or connected network filesystems to be leaked to a third party. Root cause details are not el...