68 matches found
CVE-2026-4198 hypermodel-labs mcp-server-auto-commit index.ts getGitChanges command injection
A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may b...
CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...
CVE-2025-4198
creationtimestamp | type | source
---|---|---
2025-05-03 03:26:53+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loafejza3l42
2025-05-03 06:05:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3loaob3fxq324
2025-05-03...
CVE-2025-4198
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...
WordPress Alink Tap plugin <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Alink Tap versions <= 1.3.1...
CVE-2024-4198
A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as team admin to demote users to guests via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
Rocky Linux 8 : edk2 (RLSA-2021:4198)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4198 advisory. - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close ...
CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...
CVE-2023-4198 Dolibarr ERP CRM (<= 17.0.3) Improper Access Control
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...
CVE-2023-4198 Dolibarr ERP CRM (<= 17.0.3) Improper Access Control
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...
CVE-2023-4198
CVE-2023-4198: Dolibarr ERP/CRM
SUSE: Security Advisory (SUSE-SU-2023:4198-1)
The remote host is missing an update for the...
Oracle Linux 7 : qemu (ELSA-2018-4198)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4198 advisory. - i386: Define the Virt SSBD MSR and handling of it CVE-2018-3639 Konrad Rzeszutek Wilk Orabug: 28110449 CVE-2018-3639 - i386: define the AMD 'virt-ssbd' CPUID...
CVE-2022-4198 WP Social Sharing <= 2.2 - Admin+ Stored XSS
The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2022-4198
The CVE-2022-4198 issue affects the WordPress WP Social Sharing plugin up to version 2.2. The vulnerability stems from inadequate sanitisation/escaping of some settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowe...
CVE-2021-4198
creationtimestamp | type | source
---|---|---
2022-03-07 14:34:39+00:00 | seen | https://t.me/cibsecurity/38501...
CVE-2021-4198
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects:...
CVE-2021-4198 messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects:...
CVE-2021-4198
CVE-2021-4198 is a NULL pointer dereference in Bitdefender's messaging_ipc.dll affecting multiple Bitdefender products. Affected versions include Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, and VPN Standalone, with vulnerable build dates prior to 26.0.3.29 (and End...