76 matches found
EUVD-2026-4298
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done. Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. idryomov: changelog...
CVE-2023-4298
The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-20791
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...
CVE-2025-20791
CVE-2025-20791 describes a vulnerability in the MediaTek Modem where incorrect error handling can cause a system crash, leading to remote denial of service if a user equipment connects to a rogue base station. Exploitation requires no user interaction and is possible over the network; CVSSv3.1 me...
EUVD-2020-4298
Malware in sbrugna...
CVE-2024-4298
creationtimestamp | type | source
---|---|---
2025-07-14 03:22:31+00:00 | seen | Telegram/R8PZzBfc58zF6GH2DQE8Sy6wn-O0ebLyTduEkROGr32F5Y...
CVE-2022-4298
The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2021-4298
A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulation leads to sql injection. Upgrading to versio...
CVE-2025-4298
creationtimestamp | type | source
---|---|---
2025-05-06 00:19:47+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15015
2025-05-06 00:36:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lohnc24dli2l
2025-05-06 03:01:09+00:00 | published-proof-of-concept | ...
CVE-2024-4298
The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...
CVE-2024-4298 HGiga iSherlock - Command Injection
The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...
CVE-2023-4298
creationtimestamp | type | source
---|---|---
2023-09-04 16:22:16+00:00 | seen | https://t.me/cibsecurity/69796...
CVE-2023-4298
The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-4298 123.chat < 1.3.1 - Admin+ Stored XSS
The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-4298
CVE-2023-4298 affects the 123.chat WordPress plugin prior to version 1.3.1. The issue is caused by insufficient sanitization and escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). T...
CVE-2022-4298
creationtimestamp | type | source
---|---|---
2023-01-04 11:55:23+00:00 | seen | https://t.me/cibsecurity/55751
2025-04-10 18:49:20+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11306...
CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2022-4298
The CVE-2022-4298 issue affects the Wholesale Market WordPress plugin prior to version 2.2.1. The root cause is missing authorization checks and lack of validation for user input used to generate system paths, enabling unauthenticated attackers to download arbitrary files from the server (e.g., s...
CVE-2022-4298 Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download
The Wholesale Market WordPress plugin before 2.2.1 does not have an authorisation check and does not validate user input used to generate a system path, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2021-4298
CVE-2021-4298 affects Hesburgh Libraries of Notre Dame Sipity. The vulnerability is a SQL injection in the function SearchCriteriaForWorksParameter (file: app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb). Root cause: improper handling of input in the parameter logic leadin...