75 matches found
EUVD-2026-4297
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...
CVE-2023-4297
The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...
CVE-2025-20751
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python311 (SUSE-SU-2025:4297-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4297-1 advisory. Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of...
EUVD-2025-200164
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...
CVE-2025-20751
CVE-2025-20751 relates to MediaTek’s Modem component, where a missing bounds check can cause a system crash leading to remote denial of service. This requires the UE to connect to a rogue base station controlled by an attacker, with no user interaction and no additional privileges needed. The des...
PT-2025-48611
Name of the Vulnerable Software and Affected Versions: Modem (affected versions not specified). Description: A missing bounds check in Modem could lead to a remote denial of service. This can occur if a user equipment (UE) connects to a rogue base station controlled by an attacker. No additional executi...
CVE-2024-4297
creationtimestamp | type | source
---|---|---
2025-07-14 03:22:33+00:00 | seen | Telegram/W8wyQhcR89MFGIDQ3yvDUhyV4rgfn5r9mKayw8ydBbUUDs...
CVE-2022-4297
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...
CVE-2025-4297
creationtimestamp | type | source
---|---|---
2025-05-05 23:20:18+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15010
2025-05-06 01:55:40+00:00 | seen | https://t.me/cvedetector/24516...
CVE-2025-4297
A vulnerability was found in PHPGurukul Men Salon Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/change-password.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2025-4297 PHPGurukul Men Salon Management System change-password.php sql injection
A vulnerability was found in PHPGurukul Men Salon Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/change-password.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2024-4297 HGiga iSherlock - Arbitrary File Download
The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...
CVE-2023-4297
The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...
CVE-2023-4297
CVE-2023-4297: The Mmm Simple File List WordPress plugin (versions
CVE-2023-4297 Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing
The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...
WordPress Mmm Simple File List Plugin <= 2.3 is vulnerable to Sensitive Data Exposure
Software: Mmm Simple File List; Type: Plugin; Vulnerable versions: <= 2.3; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-4297; Patch priority: Low; CVSS severity: Low 6.5; PSID: 23f215a8b1b9; Credits: Dmitrii; Required privileg...
SUSE SLES12 Security Update : clamav (SUSE-SU-2023:4297-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4297-1 advisory. - Update to 0.103.10 CVE-2023-40477 CVE-2023-40477 Note that Nessus has not tested for this issue but has instead relied only on the...
WordPress WP AutoComplete Search 1.0.4 SQL Injection
Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi
Date: 30/06/2023
Exploit Author: Matin nouriyan matitanium
Version: = 1.0.4
CVE: CVE-2022-4297
Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/
Tested on: Kali linux
The WP...
Wordpress WP AutoComplete 1.0.4 - Unauthenticated SQL injection Vulnerability
Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi
Date: 30/06/2023
Exploit Author: Matin nouriyan matitanium
Version: = 1.0.4
CVE: CVE-2022-4297
Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/
Tested on: Kali linux
The WP...