MINI-FR2W-FF8H-4278

Bulletin has no description...

CVE-2026-4278

creationtimestamp| type| source ---|---|--- 2026-03-26 04:16:39+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4278 2026-03-26 06:08:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhwwvxa74w24...

EUVD-2026-4278

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...

CVE-2023-4278

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

SUSE SLES12 Security Update : glib2 (SUSE-SU-2025:4278-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:4278-1 advisory. - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via gettmpfile bsc1249055 Tenable has extracted the preceding description...

Linux Distros Unpatched Vulnerability : CVE-2025-4278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page...

CVE-2025-4278

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

CVE-2025-4278

creationtimestamp| type| source ---|---|--- 2025-06-12 10:33:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/18159 2025-06-12 11:35:08+00:00| published-proof-of-concept| Telegram/fiao7xA0oH91C7wjAlMQ2SU0Cic3eA9k5t4dM3RPWX96YFU 2025-06-12 12:53:41+00:00| seen|...

CVE-2025-4278 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

CVE-2025-4278 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

GitLab 18.0 < 18.0.2 (CVE-2025-4278)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...

RHSA-2024:4278

creationtimestamp| type| source ---|---|--- 2025-05-21 01:45:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17098...

GitLab 16.5 < 17.2.8 / 17.3 < 17.3.4 / 17.4 < 17.4.1 (CVE-2024-4278)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could...

CVE-2024-4278 Incorrect Synchronization in GitLab

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...

Oracle Linux 9 : qemu-kvm (ELSA-2024-4278)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4278 advisory. - Fixing CVE-2024-4467 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested f...

AlmaLinux 9 : qemu-kvm (ALSA-2024:4278)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4278 advisory. qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write CVE-2024-4467 Tenable has extracted the preceding description block directly from the AlmaLinux...

CGA-H52J-4278-C4G3

Bulletin has no description...

Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4278-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4278-2 advisory. USN-4278-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding...

WordPress Masterstudy LMS 3.0.17 Account Creation

Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Date: 2023-09-04 Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| |...

Wordpress Masterstudy LMS Plugin - 3.0.17 - Unauthenticated Instructor Account Creation Exploit

Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| || / / | | |/ / / ...