138 matches found
EUVD-2026-4339
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rosebud: from n/a through = 1.4...
MiracleLinux 3 : OpenIPMI-2.0.16-16.0.1.AXS3 (AXSA:2013-38:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-38:01 advisory. The Open IPMI project aims to develop an open code base to allow access to platform information using Intelligent Platform Management Interface (IPMI). This...
MiracleLinux 4 : ipmitool-1.8.11-12.AXS4.1 (AXSA:2012-21:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-21:01 advisory. This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard...
CVE-2018-4339
This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier...
Debian: Security Advisory (DLA-4339-1)
The remote host is missing an update for the Debian...
DLA-4339-1 imagemagick - security update
Bulletin has no description...
CVE-2024-4339
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This make...
CVE-2005-4339
Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the...
CVE-2025-4339
The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary...
CVE-2025-4339
creationtimestamp| type| source
---|---|---
2025-05-13 07:30:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16082
2025-05-13 11:21:38+00:00| seen| https://t.me/cvedetector/25172
...
CVE-2025-4339
CVE-2025-4339 (TheGem theme): A missing capability check in TheGem’s ajaxApi() allows authenticated users with Subscriber+ permissions to update arbitrary theme options in all versions ≤ 5.10.3. Wordfence reports the vulnerability enabling data modification via the save action, with nonce protec...
CVE-2025-4339 TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update
The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary...
WordPress TheGem Theme <= 5.10.3 is vulnerable to Broken Access Control
Software: TheGem; Type: Theme; Vulnerable versions: <= 5.10.3; Fixed in: 5.10.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-4339; Patch priority: Low; CVSS severity: Low 4.3; PSID: 0df3139c7e52; Credits: Foxyyy; Required privilege: Subscriber...
OpenSSL 0.9.7 < 0.9.7k Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7k. It is, therefore, affected by a vulnerability as referenced in the 0.9.7k advisory. - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before...
OpenSSL 0.9.8 < 0.9.8c Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.8c. It is, therefore, affected by a vulnerability as referenced in the 0.9.8c advisory. - OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before...
CVE-2024-4339
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This make...
CVE-2024-4339 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This make...
WordPress Prime Slider – Addons For Elementor Plugin <= 3.14.3 is vulnerable to Cross Site Scripting (XSS)
Software: Prime Slider – Addons For Elementor; Type: Plugin; Vulnerable versions: <= 3.14.3; Fixed in: 3.14.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4339; Patch priority: Low; CVSS severity: Low 6.5; PSID: 737165ec9dfc; Credits: Ng...
CVE-2019-4339
creationtimestamp| type| source
---|---|---
2024-01-29 13:41:26+00:00| seen| https://t.me/ctinow/175228
...
Rocky Linux 8 : grilo (RLSA-2021:4339)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4339 advisory. - In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to...