93 matches found
CVE-2026-4363
GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisio...
CVE-2026-4363
Removed by vendor...
CVE-2026-4363
creationtimestamp | type | source
---|---|---
2026-03-25 14:30:14+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mhvchlod2p25
2026-03-26 03:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260326
2026-03-26 03:00:15+00:00 | seen | ...
GitLab 18.1 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-4363)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticat...
EUVD-2026-4363
Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through = 2.0.91...
CGA-3VFX-4363-M729
Bulletin has no description...
Debian: Security Advisory (DLA-4363-1)
The remote host is missing an update for the Debian...
CGA-G69Q-4363-FC83
Bulletin has no description...
CVE-2024-4363
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
WordPress Wholesale Market plugin < 2.2.2 - Settings Update via CSRF vulnerability
Settings Update via CSRF vulnerability discovered by WPScan in WordPress Plugin Wholesale Market versions 2.2.2...
CVE-2022-4363 Wholesale Market <= 2.2.2 - Settings Update via CSRF
The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack...
CVE-2022-4363
CVE-2022-4363 affects WordPress plugins: Wholesale Market (pre-2.2.2) and Wholesale Market for WooCommerce (pre-2.0.1). A flawed CSRF check when updating settings could allow a logged-in admin to update settings via CSRF. Public details confirm the affected versions and the vulnerability class; n...
CVE-2025-4363
creationtimestamp | type | source
---|---|---
2025-05-06 16:21:43+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15146
2025-05-06 18:21:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lojis7gvfm2h
2025-05-06 20:20:25+00:00 | exploited | ...
CVE-2025-4363 itsourcecode Gym Management System ajax.php sql injection
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=endmembership. The manipulation of the argument rid leads to sql injection. The attack may be initiated remotely. Th...
CVE-2025-4363
CVE-2025-4363 affects itsourcecode Gym Management System 1.0. The vulnerability is an SQL injection in the endpoint /ajax.php?action=end_membership (parameter rid). Reports consistently indicate a remote attack vector with potential high-severity impact (confidentiality, integrity, and availabili...
CVE-2024-4363
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0234-1)
The remote host is missing an update for the...
KLA61310 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Audio can be exploited to cause denial of servi...
Chromium: CVE-2023-4363 Inappropriate implementation in WebShare
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Debian: Security Advisory (DSA-5479-1)
The remote host is missing an update for the Debian...