127 matches found
MiracleLinux 7 : httpd24-httpd-2.4.34-8.el7.1, httpd24-nghttp2-1.7.1-7.el7.1 (AXSA:2019-4337:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4337:01 advisory. - HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) - HTTP/2: flood using PRIORITY frames resulting in excessive resource...
Debian: Security Advisory (DLA-4337-1)
The remote host is missing an update for the Debian...
CVE-2011-4337
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable...
CVE-2012-4337
Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references...
CVE-2005-4337
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified userid parameter and a "/" in the encodedpw parameter...
CVE-2025-46834
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys (scoped external keys) to external parties and would use the...
CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys (scoped external keys) to external parties and would use the...
CVE-2025-46834
Summary: CVE-2025-46834 concerns Alchemy’s Modular Account (2.x branch) prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, where the allowlist module fails to check the path from executeUserOp to execute or executeBatch. This gap permits any session key to bypass access controls and access...
PT-2025-21362 · Unknown · Modular Account De Alchemy
Name of the Vulnerable Software and Affected Versions: Modular Account de Alchemy versions prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0 Description: The issue concerns a bug in the allowlist module of Modular Account de Alchemy, which is compatible with ERC-4337 and ERC-6900. This bug...
CVE-2025-4337
creationtimestamp | type | source
---|---|---
2025-05-06 05:20:05+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15060
2025-05-06 06:21:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3loiajovkqs2e
2025-05-06 08:37:10+00:00 | seen | https://t.me/cvedetector/24542
...
WordPress AHAthat Plugin plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion vulnerability
Cross-Site Request Forgery to AHA Page Deletion vulnerability discovered by Régis SENET in WordPress Plugin AHAthat versions <= 1.6...
Linux Distros Unpatched Vulnerability : CVE-2022-4337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. (CVE-2022-4337) Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2006-4337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the maketable function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding...
RHEL 7 : openvswitch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498) - openvswitch:...
CVE-2023-4337 Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation
Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation...
CVE-2023-4337
CVE-2023-4337 affects the Broadcom RAID Controller web interface. The vulnerability arises from improper session handling of gateway-installed managed servers. Based on NVD metrics, it is a CRITICAL issue (CVSS v3.1: 9.8) with network access, no user interaction required, and high impact to confi...
openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:2250-2)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2250-2 advisory. - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. (CVE-2022-4337) - An integer underflow in Organizati...
SUSE-SU-2023:2250-2 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). - CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581)...