CVE-2026-4265

creationtimestamp| type| source ---|---|--- 2026-03-17 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0300/ 2026-03-17 13:30:18+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhb3f35wpk2q 2026-04-16 11:35:11+00:00| seen|...

CVE-2011-4265

Cross-site scripting XSS vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2025-4265

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely...

CVE-2025-4265 PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely...

CVE-2025-4265 PHPGurukul Emergency Ambulance Hiring Portal contact-us.php sql injection

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack can be launched remotely...

Oracle Linux 8 : cups (ELSA-2024-4265)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4265 advisory. - 1:2.2.6-60 - RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777 - Delete the domain socket file after stopping the cups.socket service - Fix cupsd Listener...

RHEL 8 : cups (RHSA-2024:4265)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4265 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: Cupsd...

CVE-2024-4265 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.5.9 - Contributor+ Stored Cross-Site Scripting

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes ...

CVE-2024-4265

CVE-2024-4265 affects the Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the url parameter, attributed to insufficient input sanitization and output escaping. Exploitation req...

CVE-2023-4265

creationtimestamp| type| source ---|---|--- 2023-08-13 02:17:48+00:00| published-proof-of-concept| https://t.me/cibsecurity/68389...

CVE-2023-4265

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usbdcnativeposix.cL359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usbdcnativeposix.cL359...

CVE-2023-4265

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usbdcnativeposix.cL359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usbdcnativeposix.cL359...

CVE-2023-4265

CVE-2023-4265 concerns potential buffer overflow vulnerabilities in Zephyr RTOS USB code. Affected areas include usb_dc_native_posix.c (Linux/Posix USB device driver) at a cited line and subsys/usb/device/class/netusb/function_rndis.c at another line. The issue is described across multiple source...

WordPress Postmatic Plugin < 2.2.10 is vulnerable to PHP Object Injection

Software Postmatic Type Plugin Vulnerable versions 2.2.10 Fixed in 2.2.10 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-4265 Patch priority High CVSS severity High 7.4 Developer Claim ownership PSID 96f8ea22622f Credits Lana Codes Required privilege Subscriber...

CVE-2022-4265 Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object...

CVE-2022-4265

CVE-2022-4265 affects the Replyable WordPress plugin prior to 2.2.10. The vulnerability arises because the plugin does not validate the submitted class name when instantiating an object in the prompt_dismiss_notice action and is missing a CSRF check in the related action, enabling any authenticat...

CVE-2022-4265 Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object...

SUSE CVE-2018-4265

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6...

CVE-2021-4265

CVE-2021-4265 concerns siwapp-ror with a cross-site scripting vulnerability arising from manipulation of unknown processing. The issue is reported as remote in nature and affects an unspecified subset of the product; no vendor/product versions are detailed in the provided documents. A patch is id...

CVE-2021-4265 siwapp-ror cross site scripting

A vulnerability was found in siwapp-ror. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 924d16008cfcc09356c87db01848e45290cb58ca. It is recommended to appl...