94 matches found
CVE-2026-4369
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...
CVE-2026-4369
creationtimestamp| type| source ---|---|--- 2026-04-14 17:28:08+00:00| seen| Telegram/Vdpd7lT308fxiW1s76LVsqR9F6P793RnQqd0qJzf2KghFE 2026-04-14 17:50:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjhwxagd6l2o...
MINI-4369-HX62-8M5Q
Bulletin has no description...
EUVD-2026-4369
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through = 2.23.1...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004369)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004369 advisory. In the Linux kernel through 5.0.2, the function inotifyupdateexistingwatch in fs/notify/inotify/inotifyuser.c neglects to call fsnotifyputmark with INMASKCREATE afte...
CVE-2023-4369
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...
Debian: Security Advisory (DLA-4369-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ECHO-4369-AD70-9848
Bulletin has no description...
CVE-2024-4369
creationtimestamp| type| source ---|---|--- 2025-08-30 15:22:55+00:00| seen| Telegram/-sjSU5JB36IOkH8DPnZ43vM66DF9w5lD7YVvrdulDN0e6ro...
WordPress Companion Auto Update plugin <= 3.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via update_delay_days parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via updatedelaydays parameter vulnerability discovered by Nabil Irawan in WordPress Plugin Companion Auto Update versions = 3.9.2...
Backdoor.Win32.Boiling MVID-2024-0696 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/80cb490e5d3c4205434850eff6ef5f8f.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Boiling Vulnerability: Unauthenticated Remote Command Execution Description: The...
RHEL 8 : less (RHSA-2024:4369)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4369 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less does not...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.30 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.18 security update
Red Hat OpenShift Container Platform release 4.15.18 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
CVE-2024-4369 Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURECLIENTSECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...
CVE-2024-4369
OpenShift OpenShift Container Platform cluster-image-registry-operator is affected by CVE-2024-4369. The flaw exposes AZURE_CLIENT_SECRET via an environment variable in a pod definition on Azure environments. An attacker who can obtain pod information from the openshift-image-registry namespace a...
CVE-2024-4369 Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure
An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURECLIENTSECRET can be exposed through an environment variable defined in the pod definition, but is limited to Azure environments. An attacker controlling an account that has high enough permissions t...
CVE-2023-4369
creationtimestamp| type| source ---|---|--- 2023-08-15 22:36:44+00:00| seen| https://t.me/cibsecurity/68586 2023-11-18 12:25:43+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9418 2024-01-05 23:49:25+00:00| published-proof-of-concept|...
CVE-2023-4369
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4369
CVE-2023-4369 affects Google Chrome on ChromeOS prior to 116.0.5845.120. The issue is insufficient data validation in Systems Extensions, which could allow a user who is convinced to install a malicious extension to bypass file restrictions via a crafted HTML page. Connected sources corroborate t...