Lucene search

91 matches found

RedhatCVE
added 2026/03/26 3:15 p.m., 1 view

CVE-2026-4222

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit...

CVSS 5.1, AI score 5.5, EPSS 0.00121
Exploits 0, References 1
ATTACKERKB
added 2026/03/16 6:32 a.m., 1 view

CVE-2026-4222

A vulnerability was determined in SSCMS up to 7.4.0. This vulnerability affects the function PathUtils.RemoveParentPath of the file /api/admin/plugins/install/actions/download. This manipulation of the argument path causes path traversal. Remote exploitation of the attack is possible. The exploit...

CVSS 5.1, AI score 5.4, EPSS 0.00121
Exploits 0, References 4
RedhatCVE
added 2026/01/09 11:52 a.m., 6 views

CVE-2009-4222

phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request...

CVSS 7.5, AI score 7.2, EPSS 0.01387
Exploits 1, References 1
RedhatCVE
added 2026/01/09 8:57 a.m., 8 views

CVE-2023-4222

Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

CVSS 8.8, AI score 8.1, EPSS 0.01863
Exploits 1, References 1
OSV
added 2025/06/19 12:0 a.m., 2 views

DLA-4222-1 activemq - security update

Bulletin has no description...

CVSS 7.5, AI score 9.7, EPSS 0.02253
Exploits 2
RedhatCVE
added 2025/05/23 12:19 a.m., 2 views

CVE-2022-4222

A vulnerability was found in SourceCodester Canteen Management System. It has been rated as critical. This issue affects the function query of the file ajaxinvoice.php of the component POST Request Handler. The manipulation of the argument search leads to sql injection. The attack may be initiate...

CVSS 9.8, AI score 7.4, EPSS 0.00229
Exploits 1, References 1
RedhatCVE
added 2025/05/22 6:56 p.m., 4 views

CVE-2021-4222

The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...

CVSS 4.8, AI score 6, EPSS 0.00323
Exploits 1
Circl
added 2025/05/03 3:26 a.m., 16 views

CVE-2025-4222

creationtimestamp | type | source
---|---|---
2025-05-03 03:26:30+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loafeh4lj6c2
2025-05-03 06:05:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3loaob3pibx2h
2025-05-03...

CVSS 5.9, AI score 8.7, EPSS 0.0028
Exploits 0, References 3
Vulnrichment
added 2025/05/03 1:43 a.m., 7 views

CVE-2025-4222 Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files

The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup file...

CVSS 5.9, AI score 6.5, EPSS 0.0028
Exploits 0, References 4
Patchstack
added 2025/05/02 9:2 p.m., 5 views

WordPress Database Toolset plugin <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files vulnerability

Unauthenticated Sensitive Information Exposure via Backup Files vulnerability discovered by Guy Shavit in WordPress Plugin Database Toolset versions <= 1.8.4...

CVSS 5.9, AI score 8.7, EPSS 0.0028
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2024/07/02 12:0 a.m., 26 views

Oracle Linux 7 : pki-core (ELSA-2024-4222)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4222 advisory. - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability rhel-7.9.z jmagne - RHEL-9917 - EMBARGOED CVE-2023-4727...

CVSS 7.5, AI score 7.3, EPSS 0.00047
Exploits 0, References 2
Vulnrichment
added 2024/05/16 9:32 a.m., 17 views

CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

CVSS 7.3, AI score 6.8, EPSS 0.00579
Exploits 0, References 2
Cvelist
added 2024/05/16 9:32 a.m., 18 views

CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

CVSS 7.3, AI score 7.4, EPSS 0.00579
Exploits 0, References 2
CVE
added 2024/05/16 9:32 a.m., 61 views

CVE-2024-4222

CVE-2024-4222 affects the Tutor LMS Pro WordPress plugin. A missing capability check in multiple functions allows unauthenticated attackers to add, modify or delete user meta and plugin options across versions up to 2.7.0. The issue enables unauthorized data access/modification and data loss. Rem...

CVSS 8.2, AI score 6.6, EPSS 0.00579
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/05/16 12:0 a.m., 11 views

WordPress Tutor LMS Pro Plugin <= 2.7.0 is vulnerable to Broken Access Control

Software: Tutor LMS Pro; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4222; Patch priority: High; CVSS severity: High 7.3; PSID: 2853424c7113; Credits: villu164; Required privilege...

CVSS 8.2, AI score 6.5, EPSS 0.00579
Exploits 0, References 2, Affected Software 1
Circl
added 2024/03/12 8:12 a.m., 2 views

RHSA-2019:4222

creationtimestamp | type | source
---|---|---
2024-03-12 08:12:31+00:00 | seen | https://t.me/ctinow/205361...

AI score 4.8
Exploits 0, References 1
OpenVAS
added 2024/03/04 12:0 a.m., 28 views

openSUSE: Security Advisory for libnbd (SUSE-SU-2023:4222-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 6.2, EPSS 0.00047
Exploits 1, References 2
Circl
added 2023/12/17 2:43 p.m., 0 views

CVE-2023-4222

creationtimestamp | type | source
---|---|---
2023-12-17 14:43:01+00:00 | seen | Telegram/mIPwy5H8M9OHKg2W1BARvF8Bd6ziK8Eo0A3CCNoukHA2ugwa...

CVSS 8.8, AI score 8.1, EPSS 0.01863
Exploits 1
NVD
added 2023/11/28 8:15 a.m., 12 views

CVE-2023-4222

Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

CVSS 8.8, EPSS 0.01863
Exploits 1, References 4
CVE
added 2023/11/28 7:15 a.m., 33 views

CVE-2023-4222

CVE-2023-4222 concerns Chamilo LMS versions

CVSS 8.8, AI score 8.4, EPSS 0.01863
Exploits 1, References 4, Affected Software 1