80 matches found
CVE-2026-4346
creationtimestamp | type | source
---|---|---
2026-03-27 00:14:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhytllyj3n2d...
EUVD-2026-4346
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS. This issue affects Flex QR Code Generator: from n/a through = 1.2.8...
CVE-2018-4346
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14...
CVE-2024-4346
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
WordPress Startklar Elementor Addons Plugin <= 1.7.13 is vulnerable to Arbitrary File Deletion
Field | Value
---|---
Software | Startklar Elementor Addons
Type | Plugin
Vulnerable versions | <= 1.7.13
Fixed in | 1.7.14
OWASP Top 10 | A5: Broken Access Control
Classification | Arbitrary File Deletion
CVE | CVE-2024-4346
Patch priority | High
CVSS severity | High (8.6)
PSID | ae9a780a26b1
Credits | István Márton...
SUSE: Security Advisory (SUSE-SU-2023:4346-1)
The remote host is missing an update for the...
CVE-2023-4346
creationtimestamp | type | source
---|---|---
2023-08-30 00:17:42+00:00 | seen | https://t.me/cibsecurity/69389...
CVE-2023-4346
KNX devices that use KNX Connection Authorization with Option 1 are affected. The vulnerability allows an attacker (network or physical access) to purge devices, set a BCU key, and lock the device, with users often unable to reset without the current password. The CVSSv3 base score is 7.5 (AV:N/A...
CVE-2021-4346
The CVE-2021-4346 entry concerns the WordPress uListing plugin. Concrete details across connected documents show that versions up to and including 1.6.6 are vulnerable due to missing login checks on the stm_listing_profile_edit AJAX action, enabling unauthenticated attackers to edit accounts (e.g...
CVE-2021-4346 uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes
The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog,...
CVE-2022-4346
The CVE-2022-4346 issue affects the All-In-One Security (AIOS) WordPress plugin (versions prior to 5.1.3). The underlying problem is an information disclosure: plugin settings, including the email address, were leaked publicly. Public references and security feeds document an exposure vector tied...
CVE-2022-4346 All In One WP Security & Firewall < 5.1.3 - Configuration Leak
The All-In-One Security AIOS WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address...
django-pesapal (>=0.2.0 <=0.3.4) potentially affected by CVE-2013-4346 via oauth2 (=1.5.211)
oauth2 PYPI version =1.5.211 is affected by a known vulnerability. The following packages have a transitive dependency on oauth2 and may be impacted: - django-pesapal >=0.2.0, <=0.3.4 Source cves: CVE-2013-4346 Source advisory: OSV:GHSA-4433-4CXQ-VV73...
CVE-2020-4346
CVE-2020-4346 affects IBM API Connect: management server with versions 2018.4.1.0–2018.4.1.10 contains an unsecured API that allows an unauthenticated attacker to obtain sensitive information. The issue is documented by IBM and is associated with a CVSS ~5.3 (medium) overall impact, reflecting in...
Security Bulletin: IBM API Connect is vulnerable to sensitive information leak (CVE-2020-4346)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2020-4346 DESCRIPTION: IBM API Connect's management server has an unsecured API which can be exploited by an unauthenticated attacker to obtain sensitive information. CVSS Base score: 5.3 CVSS...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4346-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4346-1 advisory. It was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A loc...
Man-In-The-Middle (MitM)
Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating...
CVE-2018-4346
CVE-2018-4346 involves a validation issue that allowed local file access on macOS versions prior to Mojave 10.14. The condition originated from insufficient input validation; Apple addressed it with input sanitization. Affected components are tied to macOS security updates, including the Mojave-e...
SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1504-1)
This update for php5 fixes the following issues: Security issues fixed: - CVE-2016-4346: heap overflow in ext/standard/string.c (bsc#977994) - CVE-2016-4342: heap corruption in tar/zip/phar parser (bsc#977991) - CVE-2016-4537, CVE-2016-4538: bcpowmod accepts negative scale causing heap buffer overflo...
Debian DSA-4346-1 : ghostscript - security update
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed PostScript file is processed despite the -dSAFER sandbox being enabled. This update rebases ghostscript for stretch t...