70 matches found
CVE-2026-4290

creationtimestamp| type| source
---|---|---
2026-05-29 17:03:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmyze2gkgz2i
2026-05-30 21:01:18+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3x3mmnov2p...

EUVD-2026-4290
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the changeparams.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution...
CVE-2023-4290
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
EUVD-2020-4290
Malware in sbrugna...
CVE-2025-4290 PCMan FTP Server SMNT Command buffer overflow
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SMNT Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2025-4290

creationtimestamp| type| source
---|---|---
2025-05-05 12:14:33+00:00| seen| https://infosec.exchange/users/vuldb/statuses/114455168481283467
2025-05-05 22:19:46+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15009
2025-05-06 00:21:54+00:00| seen|...

CVE-2021-4290

creationtimestamp| type| source
---|---|---
2025-04-14 16:53:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11644...

CVE-2007-4290

creationtimestamp| type| source
---|---|---
2025-01-17 14:56:41+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2132...

CVE-2024-4290

creationtimestamp| type| source
---|---|---
2024-05-25 18:20:50+00:00| published-proof-of-concept| https://t.me/openSource3/134
2024-06-06 08:20:41+00:00| published-proof-of-concept| https://t.me/DARKSPOTTEAM/695
2024-06-06 08:20:41+00:00| published-proof-of-concept|...

CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-4290
The CVE-2024-4290 entry concerns Sailthru Triggermail WordPress plugin (versions
openSUSE: Security Advisory for redis (SUSE-SU-2023:4290-1)
The remote host is missing an update for the...
WordPress WP Matterport Shortcode Plugin < 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software: WP Matterport Shortcode; Type: Plugin; Vulnerable versions: < 2.1.7; Fixed in: 2.1.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4290; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 7f614e386ab6; Credits: Erwan LR...
CVE-2023-4290
The CVE-2023-4290 entry affects the WP Matterport Shortcode WordPress plugin prior to version 2.1.7. The underlying issue is a reflected XSS caused by not escaping the PHP_SELF server variable when outputting it in attribute values, enabling an attacker to target high-privilege users such as admi...
CVE-2023-4290 WP Matterport Shortcode < 2.1.7 - Reflected XSS
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
Moderate: Red Hat Security Advisory: OpenShift sandboxed containers 1.4.1 security update
OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
Wireshark 1.4.x < 1.4.15 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 1.4.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.4.15 advisory. - Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before...
WordPress Cyr to Lat Plugin <= 3.5 is vulnerable to SQL Injection
Software: Cyr to Lat; Type: Plugin; Vulnerable versions: <= 3.5; Fixed in: 3.7; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-4290; Patch priority: Low; CVSS severity: Low (7.6); PSID: e6c575e2011e; Credits: Ramuel Gall; Required privilege: Contributor; Published: 14...
CVE-2021-4290
A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is...
CVE-2021-4290 DHBW Fallstudie Login passport.js sql injection
A vulnerability was found in DHBW Fallstudie. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file app/config/passport.js of the component Login. The manipulation of the argument id/email leads to sql injection. The name of the patch is...