98 matches found
EUVD-2026-4256
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS. This issue affects UX Flat: from n/a through = 5.4.0...
OPENSUSE-SU-2025:20119-1 Security update for tcpreplay
This update for tcpreplay fixes the following issues: - update to 4.5.2: features added since 4.4.4 - fix/recalculate header checksum for ipv6-frag - IPv6 frag checksum support - AFXDP socket support - tcpreplay -w write into a pcap file - tcpreplay --fixhdrlen - --include and --exclude options -...
Debian: Security Advisory (DLA-4256-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-4256
A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the inpu...
CVE-2022-4256
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...
CVE-2011-4256
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors...
CVE-2025-4256
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and...
RockyLinux 8 : less (RLSA-2024:4256)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4256 advisory. less: OS command injection CVE-2024-32487 less: missing quoting of shell metacharacters in LESSCLOSE handling CVE-2022-48624 Tenable has extracted the...
CVE-2025-4256
creationtimestamp| type| source
---|---|---
2025-05-05 01:18:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14820
2025-05-05 04:15:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lofj2q2rth2o
2025-05-05 05:50:26+00:00| seen|...
CVE-2025-4256
CVE-2025-4256 affects SeaCMS 13.2 in the /admin_paylog.php handler. The cstatus parameter, when manipulated, enables cross-site scripting. The flaw is exploitable remotely, and the public exploit has been disclosed. References list SeaCMS 13.2 and the vulnerable file; no vendor-provided patch/ver...
CVE-2025-4256 SeaCMS admin_paylog.php cross site scripting
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and...
CVE-2022-4256
creationtimestamp| type| source
---|---|---
2025-04-10 18:49:32+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11313...
Adobe Digital Editions < 4.5.2 Multiple Vulnerabilities (APSB16-28) (macOS)
The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB16-28 advisory. - Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary...
AlmaLinux 8 : less (ALSA-2024:4256)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4256 advisory. less: OS command injection CVE-2024-32487 less: missing quoting of shell metacharacters in LESSCLOSE handling CVE-2022-48624 Tenable has extracted the...
RHEL 8 : less (RHSA-2024:4256)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4256 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less...
CVE-2024-4256
Techkshetra Info Solutions Savsoft Quiz 6.0 has a cross-site scripting (XSS) vulnerability in the Category Page editCategory function (/public/index.php/Qbank/editCategory). The issue arises from manipulating the category_name parameter with input like >, which allows script execution in the c...
Updated tcpreplay packages fix security vulnerabilities
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpeditdltcleanup function within plugins/dltplugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a...
Fedora: Security Advisory for tcpreplay (FEDORA-2024-b3b2a95168)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : tcpreplay (2024-ec1fba69c2)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ec1fba69c2 advisory. Patch CVE-2023-4256 and CVE-2023-43279 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 38 : tcpreplay (2024-b3b2a95168)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b3b2a95168 advisory. Patch CVE-2023-4256 and CVE-2023-43279 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...