CVE-2026-4267
creationtimestamp | type | source
---|---|---
2026-03-31 13:19:41+00:00 | seen | Telegram/GoYhMbIBJrUQVgFRnoM40D1rFway6I5o3ckcxiQjEVHvvo4
2026-03-31 14:12:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mieebxvi6c2z...
CVE-2026-4267
The CVE-2026-4267 issue affects the WordPress Query Monitor plugin (versions up to 3.20.3). It allows Reflected Cross-Site Scripting via the $_SERVER['REQUEST_URI'] parameter due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts that exec...
MiracleLinux 7 : libgovirt-0.3.4-3.el7, spice-gtk-0.35-4.el7, spice-vdagent-0.14.0-18.el7, virt-viewer-5.0-15.el7 (AXSA:2019-4267:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4267:01 advisory. spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893). Tenable has extracted the preceding description...
MiracleLinux 3 : hplip-1.6.7-6.1.0.1.AXS3 (AXSA:2011-09:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-09:01 advisory. The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security issues fixed with this release...
MiracleLinux 4 : hplip-3.9.8-33.AXS4.1 (AXSA:2011-29:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-29:01 advisory. The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security issues fixed with this release...
Linux Distros Unpatched Vulnerability : CVE-2018-4267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2,...
DLA-4267-1 gnutls28 - security update
Bulletin has no description...
Debian dla-4267 : gnutls-bin - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4267 advisory. Debian LTS Advisory DLA-4267-1...
CVE-2012-4267
Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter...
CVE-2025-4267
creationtimestamp | type | source
---|---|---
2025-05-05 06:18:38+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14837
2025-05-05 10:01:25+00:00 | seen | https://t.me/cvedetector/24442
2025-05-05 10:21:09+00:00 | seen | ...
CVE-2025-4267
A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchaseorder/viewpo of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injection...
CVE-2025-4267 SourceCodester/oretnom23 Stock Management System Purchase Order Details Page view_po sql injection
A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchaseorder/viewpo of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injection...
CVE-2021-4267
creationtimestamp | type | source
---|---|---
2025-04-14 17:54:31+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11666...
AlmaLinux 8 : fontforge (ALSA-2024:4267)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4267 advisory. fontforge: command injection via crafted filenames (CVE-2024-25081); fontforge: command injection via crafted archives or compressed files (CVE-2024-25082)...
RHEL 8 : fontforge (RHSA-2024:4267)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4267 advisory. FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1,...
CVE-2024-4267 Remote Code Execution in parisneo/lollms-webui
A remote code execution (RCE) vulnerability exists in parisneo/lollms-webui, specifically within the 'openfile' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'openfile' function. An attacker can exploit this...
CVE-2024-4267
The CVE-2024-4267 entry concerns parisneo/lollms-webui version 9.5, in the open_file (open file) function. The root cause is improper neutralization of elements in a user-controlled file path used by subprocess.Popen, allowing command injection. This enables remote code execution where an attacke...
SUSE CVE-2010-4267
Stack-based buffer overflow in the hpmudgetpml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP respons...
CVE-2022-4267
The Bulk Delete Users by Email WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...