72 matches found
CVE-2026-4366
creationtimestamp| type| source ---|---|--- 2026-03-18 03:17:32+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4366...
EUVD-2026-4366
Cross-Site Request Forgery CSRF vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through = 2.1.0...
CVE-2018-4366
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1...
Debian: Security Advisory (DLA-4366-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-4366 : python3-swift - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4366 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4366-1 [email protected] https://www.debian.org/lts/security/...
MINI-MJ5Q-4366-WF6C
Bulletin has no description...
pingora (>=0.1.0 <=0.4.0), pingora-cache (>=0.1.0 <=0.4.0) +3 more potentially affected by CVE-2025-4366 via pingora-core (>=0.1.1 <=0.4.0)
pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 - static-files-module =0.1.0 Source cves: CVE-2025-4366 Source advisory: OSV:GHSA-93C7-7XQW-W357...
CVE-2025-4366
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...
CVE-2025-4366 Request Smuggling Vulnerability in Pingora
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: ...
CVE-2025-4366
CVE-2025-4366 is a Pingora (pingora-proxy) request-smuggling vulnerability. It allows injecting malicious HTTP requests via manipulated request bodies on cache HITs, enabling unauthorized request execution and potential cache poisoning on HTTP/1.1 connections. The issue affects Pingora’s proxying...
CVE-2025-4366
creationtimestamp| type| source ---|---|--- 2025-05-22 13:16:36+00:00| seen| https://bsky.app/profile/cloudflare.social/post/3lpr777ouec2n 2025-05-22 16:22:01+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114552400842390775 2025-05-22 16:44:24+00:00| published-proof-of-concept|...
pingora (>=0.1.0 <=0.4.0), pingora-cache (>=0.1.0 <=0.4.0) +3 more potentially affected by CVE-2025-4366 via pingora-core (>=0.1.1 <=0.4.0)
pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 - static-files-module =0.1.0 Source cves: CVE-2025-4366 Source advisory: OSV:RUSTSEC-2025-0037...
CGA-5JRF-RWHW-4366
Bulletin has no description...
RHEL 8 : less (RHSA-2024:4366)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4366 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less does not...
CGA-4366-HRPM-2524
Bulletin has no description...
CVE-2024-4366
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4366
The CVE CVE-2024-4366 affects Spectra – WordPress Gutenberg Blocks (Spectra plugin) for WordPress. It enables Stored Cross-Site Scripting via the block_id parameter in versions up to and including 2.13.0 due to insufficient input sanitization and output escaping. The vulnerability can be exploite...
CVE-2024-4366 Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4366 Spectra – WordPress Gutenberg Blocks <= 2.13.0 - Authenticated (Author+) Stored Cross-Site Scripting
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Spectra Plugin <= 2.13.0 is vulnerable to Cross Site Scripting (XSS)
Software Spectra Type Plugin Vulnerable versions = 2.13.0 Fixed in 2.13.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4366 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e05306d8c6c Credits Ngô Thiên An ancorn Required...