74 matches found
CVE-2026-4307
A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...
CVE-2026-4307
creationtimestamp| type| source
---|---|---
2026-03-17 03:16:22+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4307...
EUVD-2026-4307
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segment_list for GRO packets. When skb_segment_list is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skb_segment_list...
CVE-2018-4307
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12...
CVE-2025-4307
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/add-art-medium.php. The manipulation of the argument artmed leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-4307
creationtimestamp| type| source
---|---|---
2025-05-06 02:21:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15023
2025-05-06 05:01:38+00:00| seen| Telegram/tHzf-fgCcphtMP3Ckpi6I5Wko1MCt9Yc10AhwA8AFarD-C8
2025-05-06 06:06:36+00:00| exploited|...
CVE-2025-4307 PHPGurukul Art Gallery Management System add-art-medium.php sql injection
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/add-art-medium.php. The manipulation of the argument artmed leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-4307
PHPGurukul Art Gallery Management System 1.1 is affected by an SQL injection in /admin/add-art-medium.php via the artmed parameter. The vulnerability can be exploited remotely and exploits have been publicly disclosed. Public guidance suggests disabling access to /admin/add-art-medium.php and res...
CVE-2024-4307
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards.php?id=1,...
CVE-2019-4307
creationtimestamp| type| source
---|---|---
2024-01-29 12:41:34+00:00| seen| https://t.me/ctinow/175196...
Malicious code in wlwz-2312-4307 (npm)
Source: ghsa-malware dab5643ac7f0b1808cca6fd2648c0273656fe9995e33c2a3c6915625e48b1cdb. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-564 Malicious code in wlwz-2312-4307 (npm)
Source: ghsa-malware dab5643ac7f0b1808cca6fd2648c0273656fe9995e33c2a3c6915625e48b1cdb. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4307
creationtimestamp| type| source
---|---|---
2023-09-12 00:26:21+00:00| seen| https://t.me/cibsecurity/70238...
CVE-2023-4307 Lock User Account <= 1.0.3 - Arbitrary Account Lock/Unlock via CSRF
The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack...
CVE-2023-4307
CVE-2023-4307 affects the WordPress plugin Lock User Account (versions
WordPress Lock User Account Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Lock User Account
Type: Plugin
Vulnerable versions: <= 1.0.3
Fixed in: 1.0.4
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2023-4307
Patch priority: Low
CVSS severity: Low (5.4)
PSID: b3c98ff9b7d7
Credits: Dmitrii Ignatyev...
CVE-2022-4307
creationtimestamp| type| source
---|---|---
2023-01-23 18:25:00+00:00| seen| https://t.me/cibsecurity/56834
2025-04-02 15:33:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10099...
CVE-2022-4307
The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin...
CVE-2022-4307 Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
The پلاگین پرداخت دلخواه WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin...