192 matches found
@0xsequence/checkout (>=0.0.0-20250314205219 <=5.2.4), @0xsequence/kit-checkout (>=0.0.0-20250305153405 <=4.6.6-beta.0) +601 more potentially affected by unknown CVE via timeago.js (>=4.0.0-beta.1 <=4.0.2)
timeago.js NPM version =4.0.0-beta.1, =0.0.0-20250314205219, =0.0.0-20250305153405, =0.10.0, =1.0.0, =1.0.0, =0.5.4, =1.0.1, =1.16.33-beta-20241028-005826-60afb7c4, =1.8.68, =1.8.40, =1.8.68, =0.21.2, =1.0.12, =1.13.1, =1.17.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4156...
CVE-2026-4156
creationtimestamp | type | source
---|---|---
2026-03-17 02:52:11+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116242247253222316
2026-04-11 03:21:29+00:00 | seen | Telegram/9p2zwy9MZzhVwoc6VK1G-jeZ0lfiSFc0xC5yOTrHz-Zg8Sw
2026-04-11 05:52:01+00:00 | seen | ...
EUVD-2026-4156
Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...
MiracleLinux 8 : libsndfile-1.0.28-12.el8 (AXSA:2022-3352:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3352:01 advisory. libsndfile: heap out-of-bounds read in src/flac.c in flac_buffer_copy (CVE-2021-4156). Tenable has extracted the preceding description block directly from the...
[SECURITY] [DLA 4402-1] libsndfile security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4402-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 11, 2025 https://wiki.debian.org/LTS -...
Debian dla-4402 : libsndfile1 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4402 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4402-1 [email protected] https://www.debian.org/lts/security/...
CLSA-2025-1751619853 gawk: Fix of CVE-2023-4156
CVE-2023-4156: fix heap out-of-bounds read flaw in builtin.c to prevent potential crash and information leakage...
CVE-2022-4156
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2014-4156
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability...
Alibaba Cloud Linux 3 : 0209: libsndfile (ALINUX3-SA-2022:0209)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0209 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-4156: An out-of-bounds read flaw was found...
DLA-4156-1 openssh - security update
Bulletin has no description...
CVE-2025-4156
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-4156
creationtimestamp | type | source
---|---|---
2025-05-01 08:14:24+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14248
2025-05-01 09:55:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lo426brmcb2o
2025-05-01 12:19:25+00:00 | seen | ...
CVE-2025-4156 PHPGurukul Boat Booking System change-image.php sql injection
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2023-4156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2021-4156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to...
Ubuntu: Security Advisory (USN-7273-1)
The remote host is missing an update for the...
Amazon Linux 2022 : libsndfile, libsndfile-devel, libsndfile-utils (ALAS2022-2022-026)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-026 advisory. An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linke...
RHEL 9 : gawk (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - gawk: heap out of bound read in builtin.c CVE-2023-4156 Note that Nessus has not tested for this issue but has...