Lucene search

72 matches found

Circl
added 2026/03/18 3:17 a.m., 5 views

CVE-2026-4366

creationtimestamp | type | source
---|---|---
2026-03-18 03:17:32+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4366...

5.8 CVSS, 5.7 AI score, 0.00228 EPSS
Exploits: 0, References: 1

EUVD
added 2026/01/23 2:28 p.m., 4 views

EUVD-2026-4366

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery. This issue affects WP Term Order: from n/a through = 2.1.0...

5.4 AI score, 0.00133 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 11:56 a.m., 6 views

CVE-2018-4366

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1...

7.5 CVSS, 6.3 AI score, 0.06448 EPSS
Exploits: 1, References: 1

OpenVAS
added 2025/11/10 12:0 a.m., 1 views

Debian: Security Advisory (DLA-4366-1)

The remote host is missing an update for the Debian...

6.8 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/07 12:0 a.m., 1 views

Debian dla-4366 : python3-swift - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4366 advisory. Debian LTS Advisory DLA-4366-1 https://www.debian.org/lts/security/...

5.6 AI score
Exploits: 0, References: 2

OSV
added 2025/11/02 4:47 p.m., 1 views

MINI-MJ5Q-4366-WF6C

Bulletin has no description...

7.5 CVSS, 6.8 AI score, 0.00626 EPSS
Exploits: 0

vulnersOsv
added 2025/06/20 6:7 p.m., 6 views

pingora (>=0.1.0 <=0.4.0), pingora-cache (>=0.1.0 <=0.4.0) +3 more potentially affected by CVE-2025-4366 via pingora-core (>=0.1.1 <=0.4.0)

pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 - static-files-module =0.1.0 Source cves: CVE-2025-4366 Source advisory: OSV:GHSA-93C7-7XQW-W357...

7.4 CVSS, 6 AI score, 0.00423 EPSS
Exploits: 0

OSV
added 2025/05/22 4:15 p.m., 4 views

CVE-2025-4366

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...

6.1 CVSS, 6.1 AI score
Exploits: 0, References: 1

Vulnrichment
added 2025/05/22 3:50 p.m., 8 views

CVE-2025-4366 Request Smuggling Vulnerability in Pingora

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...

7.4 CVSS, 7.8 AI score, 0.00423 EPSS
Exploits: 0, References: 1

CVE
added 2025/05/22 3:50 p.m., 101 views

CVE-2025-4366

CVE-2025-4366 is a Pingora (pingora-proxy) request-smuggling vulnerability. It allows injecting malicious HTTP requests via manipulated request bodies on cache HITs, enabling unauthorized request execution and potential cache poisoning on HTTP/1.1 connections. The issue affects Pingora’s proxying...

7.4 CVSS, 6.5 AI score, 0.00423 EPSS
Exploits: 0, References: 1, Affected Software: 1

Circl
added 2025/05/22 1:16 p.m., 13 views

CVE-2025-4366

creationtimestamp | type | source
---|---|---
2025-05-22 13:16:36+00:00 | seen | https://bsky.app/profile/cloudflare.social/post/3lpr777ouec2n
2025-05-22 16:22:01+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114552400842390775
2025-05-22 16:44:24+00:00 | published-proof-of-concept | ...

7.4 CVSS, 5.7 AI score, 0.00423 EPSS
Exploits: 0, References: 13

vulnersOsv
added 2025/05/22 12:0 p.m., 4 views

pingora (>=0.1.0 <=0.4.0), pingora-cache (>=0.1.0 <=0.4.0) +3 more potentially affected by CVE-2025-4366 via pingora-core (>=0.1.1 <=0.4.0)

pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 - static-files-module =0.1.0 Source cves: CVE-2025-4366 Source advisory: OSV:RUSTSEC-2025-0037...

7.4 CVSS, 6 AI score, 0.00423 EPSS
Exploits: 0

OSV
added 2024/07/15 9:49 p.m., 10 views

CGA-5JRF-RWHW-4366

Bulletin has no description...

9.8 CVSS, 8.4 AI score, 0.01952 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/08 12:0 a.m., 24 views

RHEL 8 : less (RHSA-2024:4366)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4366 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less does not...

8.6 CVSS, 7.2 AI score, 0.00628 EPSS
Exploits: 0, References: 4

OSV
added 2024/06/06 12:22 p.m., 11 views

CGA-4366-HRPM-2524

Bulletin has no description...

7.5 CVSS, 7.1 AI score, 0.01262 EPSS
Exploits: 0

NVD
added 2024/05/24 8:15 a.m., 25 views

CVE-2024-4366

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits: 0, References: 2

CVE
added 2024/05/24 7:30 a.m., 63 views

CVE-2024-4366

CVE-2024-4366 affects Spectra – WordPress Gutenberg Blocks (Spectra plugin) for WordPress. It enables Stored Cross-Site Scripting via the block_id parameter in versions up to and including 2.13.0 due to insufficient input sanitization and output escaping. The vulnerability can be exploite...

6.4 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2024/05/24 7:30 a.m., 28 views

CVE-2024-4366 Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2024/05/24 7:30 a.m., 13 views

CVE-2024-4366 Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits: 0, References: 2

Patchstack
added 2024/05/24 12:0 a.m., 13 views

WordPress Spectra Plugin <= 2.13.0 is vulnerable to Cross Site Scripting (XSS)

Software: Spectra; Type: Plugin; Vulnerable versions: = 2.13.0; Fixed in: 2.13.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-4366; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 6e05306d8c6c; Credits: Ngô Thiên An ancorn; Required...

6.4 CVSS, 5.8 AI score, 0.00263 EPSS
Exploits: 0, References: 3, Affected Software: 1