119 matches found
CVE-2026-4170 Topsec TopACM HTTP Request nmc_sync.php os command injection
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to OS command injection. The...
CVE-2026-4170

creationtimestamp | type | source
---|---|---
2026-03-14 20:25:46+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116229402446700699
2026-03-15 09:00:57+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116232371142405027...

EUVD-2026-4170
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...
Debian: Security Advisory (DLA-4170-1)
The remote host is missing an update for the Debian...
CVE-2025-4170

creationtimestamp | type | source
---|---|---
2025-05-03 03:26:54+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loafepda7x42
2025-05-03 06:05:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3loaob45lhh2h
2025-05-03... | |

WordPress Xavin's Review Ratings plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Xavin's Review Ratings versions <= 1.4.0...
Oracle Linux 8 : thunderbird (ELSA-2025-4170)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-4170 advisory. 128.9.0-2.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 128.9.0 - Add OpenELA debranding 128.9.0-2 - Update to 128.9.0 build3...
Linux Distros Unpatched Vulnerability : CVE-2022-4170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's...
CVE-2021-4170
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2024-4170
A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this...
CVE-2024-4170
Tenda 4G300 with firmware 1.01.42 is affected by a stack-based buffer overflow in the function sub_429A30 caused by manipulation of the list1 argument. The issue can be exploited remotely and is rated Critical (CVSS 3.1/3.0 ranges showing high impact). Several connected sources confirm the behavi...
openSUSE: Security Advisory for rxvt (openSUSE-SU-2023:0306-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : rxvt-unicode (openSUSE-SU-2023:0306-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0306-1 advisory. - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to t...
OPENSUSE-SU-2023:0306-1 Security update for rxvt-unicode
This update for rxvt-unicode fixes the following issues: - Update to version 9.31: CVE-2022-4170 boo1206069 - implement a fix for CVE-2022-4170 reported and analyzed by David Leadbeater. While present in version 9.30, it should not be exploitable. It is exploitable in versions 9.25 and 9.26, at...
CVE-2023-4170

creationtimestamp | type | source
---|---|---
2023-08-16 16:18:20+00:00 | seen | https://t.me/cibsecurity/67814...

CVE-2023-4170
DedeBIZ 6.2.10 is affected, with the Article Handler component enabling cross-site scripting. The issue is exploitable remotely and is publicly disclosed (CVE-2023-4170, VDB-236186). Red Hat/EUVD/CNVD/CVE records corroborate XSS in this version. Root cause detail is not disclosed in the documents...
RHEL 8 : java-17-openjdk (RHSA-2023:4170)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4170 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixe...
[slackware-security] rxvt-unicode
New rxvt-unicode packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rxvt-unicode-9.26-i586-3slack15.0.txz: Rebuilt. When the "background" extension was loaded, an attacker able to control the dat...
Slackware Linux 15.0 / current rxvt-unicode Vulnerability (SSA:2023-003-02)
The version of rxvt-unicode installed on the remote host is prior to 9.26. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-003-02 advisory. - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can contr...