115 matches found

NVD
added 2026/04/22 9:16 a.m. | 0 views

CVE-2026-4353

The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the cihubmetadata shortcode in all versions up to, and including, 1.2.106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVSS 6.4 | EPSS 0.00012
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/22 7:45 a.m. | 1 views

CVE-2026-4353 CI HUB Connector <= 1.2.106 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the cihubmetadata shortcode in all versions up to, and including, 1.2.106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVSS 6.4 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : fontforge (SUSE-SU-2025:4353-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4353-1 advisory. - CVE-2025-50949: Fixed a memory leak in the DlgCreate8 function. bsc1252652 Tenable has extracted the...

CVSS 6.5 | AI score 5.5 | EPSS 0.00037
Exploits: 0 | References: 4
OpenVAS
added 2025/10/29 12:0 a.m. | 1 views

Debian: Security Advisory (DLA-4353-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.3 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 12:6 p.m. | 5 views

CVE-2012-4353

Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the TCPIPSBinOpenFileFP function,...

CVSS 9.3 | AI score 8.2 | EPSS 0.80822
Exploits: 3 | References: 1
RedhatCVE
added 2025/05/22 9:49 a.m. | 4 views

CVE-2011-4353

The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service...

CVSS 4.3 | AI score 6.8 | EPSS 0.00723
Exploits: 0 | References: 1
NVD
added 2025/05/06 12:15 p.m. | 12 views

CVE-2025-4353

A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. It is possible to launch t...

CVSS 9.8 | EPSS 0.00224
Exploits: 1 | References: 4
CVE
added 2025/05/06 12:0 p.m. | 50 views

CVE-2025-4353

CVE-2025-4353 affects Brilliance Golden Link Secondary System (up to 20250424). The vulnerability is a SQL injection in the file /paraframework/queryTsDictionaryType.htm via the dictCn1 parameter. It can be triggered remotely, and public exploits/POCs are referenced in the sources. Impact is desc...

CVSS 9.8 | AI score 6.8 | EPSS 0.00224
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2025/05/06 12:0 p.m. | 16 views

CVE-2025-4353 Brilliance Golden Link Secondary System queryTsDictionaryType.htm sql injection

A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. It is possible to launch t...

CVSS 6.5 | EPSS 0.00224
Exploits: 1 | References: 4
Tenable Nessus
added 2025/03/04 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2016-4353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via...

CVSS 7.5 | AI score 7.2 | EPSS 0.01078
Exploits: 0 | References: 2
Wolfi
added 2025/02/25 3:16 p.m. | 2 views

GHSA-4353-VP82-4QQ4 vulnerabilities

Vulnerabilities for packages: chromium...

AI score 7.5
Exploits: 0
Tenable Nessus
added 2024/07/24 12:0 a.m. | 24 views

Photon OS 5.0: Chromium PHSA-2023-5.0-0081

An update of the chromium package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0081. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

CVSS 8.8 | AI score 9.5 | EPSS 0.02238
Exploits: 1 | References: 7
Tenable Nessus
added 2024/06/03 12:0 a.m. | 16 views

RHEL 5 : libksba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libksba: integer underflow flaw leading to a heap-based buffer overflow in ksba_oid_to_str (CVE-2014-9087) -...

CVSS 7.5 | AI score 8.2 | EPSS 0.04481
Exploits: 0 | References: 7
Tenable Nessus
added 2024/06/03 12:0 a.m. | 19 views

RHEL 7 : libksba (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libksba: integer underflow flaw leading to a heap-based buffer overflow in ksba_oid_to_str (CVE-2014-9087) -...

CVSS 7.5 | AI score 8.2 | EPSS 0.04481
Exploits: 0 | References: 7
OpenVAS
added 2024/03/04 12:0 a.m. | 26 views

openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0234-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.4 | EPSS 0.5897
Exploits: 2 | References: 2
OSV
added 2023/10/20 7:15 a.m. | 0 views

CVE-2021-4353

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes it possible for unauthenticated attackers to export the plugin...

CVSS 5.3 | AI score 5.8 | EPSS 0.00285
Exploits: 1 | References: 2
Cvelist
added 2023/10/20 6:35 a.m. | 20 views

CVE-2021-4353 WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Unauthenticated Settings Import/Export

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes it possible for unauthenticated attackers to export the plugin...

CVSS 5.3 | AI score 5.5 | EPSS 0.00285
Exploits: 1 | References: 2
CVE
added 2023/10/20 6:35 a.m. | 26 views

CVE-2021-4353

The CVE-2021-4353 entry concerns the WordPress plugin WooCommerce Dynamic Pricing and Discounts. The vulnerability is an unauthenticated export of the plugin’s settings caused by missing authorization in the export() function, affecting versions up to and including 2.4.1. The available documents...

CVSS 5.3 | AI score 5.2 | EPSS 0.00285
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2023/08/24 12:0 a.m. | 30 views

FreeBSD : electron{22,24} -- multiple vulnerabilities (99bc2966-55be-4411-825f-b04017a4c100)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 99bc2966-55be-4411-825f-b04017a4c100 advisory. - Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker...

CVSS 8.8 | AI score 8.5 | EPSS 0.39284
Exploits: 2 | References: 11
Kaspersky
added 2023/08/23 12:0 a.m. | 27 views

KLA61310 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Audio can be exploited to cause denial of servi...

CVSS 8.8 | AI score 9.4 | EPSS 0.5897
Exploits: 2 | References: 5