Mingsoft MCMS - SQL Injection

SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...

CLEANSTART-2026-BE61221 Security fixes for CVE-2025-62718, CVE-2025-69873, CVE-2026-29045, CVE-2026-29085, CVE-2026-29086, CVE-2026-29087, CVE-2026-2950, CVE-2026-30827, CVE-2026-33750, CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896, CVE-2026-33916, CVE-2026-33937, CVE-2026-34043, CVE-2026-35213, CVE-2026-39406, CVE-2026-39407, CVE-2026-39408, CVE-2026-39409, CVE-2026-39410, CVE-2026-40175, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264, CVE-2026-42338, CVE-2026-44455, CVE-2026-44456, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, CVE-2026-6321, CVE-2026-6322, ghsa-2328-f5f3-gj25, ghsa-26pp-8wgv-hjvm, ghsa-27v5-c462-wpq7, ghsa-2g4f-4pwh-qvx6, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-39q2-94rc-95cp, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-3w6x-2g7m-8v23, ghsa-442j-39wm-28r2, ghsa-445q-vr5w-6q77, ghsa-458j-xx4x-4375, ghsa-46wh-pxpv-q5gq, ghsa-5c6j-r48x-rmvq, ghsa-5c9x-8gcm-mpgx, ghsa-5m6q-g25r-mvwx, ghsa-5pq2-9x2x-5p6w, ghsa-62hf-57xw-28j9, ghsa-69xw-7hcm-h432, ghsa-6chq-wfr3-2hj9, ghsa-7rx3-28cr-v5wh, ghsa-92pp-h63x-v22m, ghsa-9cx6-37pm-9jff, ghsa-9vqf-7f2p-gf9v, ghsa-c2c7-rcm5-vvqj, ghsa-crv5-9vww-q3g8, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fvcv-3m26-pcqx, ghsa-h7mw-gpvr-xq4m, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-m7pr-hjqh-92cm, ghsa-p6xx-57qc-3wxr, ghsa-p77w-8qqv-26rm, ghsa-pf86-5x62-jrwf, ghsa-pmwg-cvhr-8vh7, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q5qw-h33p-qvwr, ghsa-q67f-28xg-22rw, ghsa-q8qp-cvcw-x6jj, ghsa-qj8w-gfj5-8c6v, ghsa-qp7p-654g-cw7p, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r5rp-j6wh-rvv4, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v8w9-8mx6-g223, ghsa-v9jr-rg53-9pgp, ghsa-vf2m-468p-8v99, ghsa-w9j2-pvgh-6h63, ghsa-wc8c-qw6v-h7f6, ghsa-wmmm-f939-6g9c, ghsa-xf4j-xp2r-rqqx, ghsa-xhjh-pmcv-23jw, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf, ghsa-xpcf-pg52-r92g, ghsa-xx6v-rp6x-q39c applied in versions: 2.19.5-r0

Multiple security vulnerabilities affect the opensearch-dashboards-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

EUVD-2026-4375

Missing Authorization vulnerability in ABCdatos Protección de datos RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos RGPD: from n/a through = 0.68...

HP Integrated Lights-Out Improper Input Validation (CVE-2016-4375)

Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 aka iLO 3 firmware before 1.88, Integrated Lights-Out 4 aka iLO 4 firmware before 2.44, and Integrated Lights-Out 4 aka iLO 4 mRCA firmware before 2.32 allow remote attackers to obtain sensitive information, modify data, or cause...

Linux Distros Unpatched Vulnerability : CVE-2018-4375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTun...

CVE-2025-4375

creationtimestamp| type| source ---|---|--- 2025-05-09 05:24:27+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15672 2025-05-09 06:36:01+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lopqvsrio4o2...

CVE-2025-4375 Cross-Site Request Forgery vulnerability in Pro Cloud Server's WebEA

Cross-Site Request Forgery CSRF vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password. This issue affec...

CVE-2024-4375 Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied attribute. This...

CVE-2024-4375

CVE-2024-4375 affects Master Slider – Responsive Touch Slider for WordPress. A stored XSS vulnerability exists via the plugin’s ms_layer shortcode in all versions up to 3.9.10, caused by insufficient input sanitization and lack of proper output escaping on the css_id attribute. This allows authen...

CVE-2021-4375 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...

CVE-2021-4375 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...

CVE-2021-4375

The Welcart e-Commerce plugin for WordPress is affected by CVE-2021-4375 due to a missing capability check in the usces_download_system_information() function in versions up to 2.2.7. This enables authenticated attackers to download WordPress settings, plugin settings, PHP settings, and server se...

CVE-2022-4375

CVE-2022-4375 affects Mingsoft MCMS up to version 5.2.9. The vulnerability is a SQL injection in the /cms/category/list endpoint caused by improper handling of the sqlWhere parameter, allowing remote exploitation. Multiple connected sources confirm the issue and its impact, with upgrade to versio...

Security Bulletin: Multiple IBM MQ vulnerabilities affect IBM Sterling Global Mailbox

Summary IBM MQ is shipped with IBM Sterling Global Mailbox. Multiple vulnerabilities impacts IBM MQ. Remediation is available for the issues. Vulnerability Details CVEID: CVE-2019-4227 DESCRIPTION: IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners...

SUSE: Security Advisory (SUSE-SU-2013:1774-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2013:1923-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM MQ could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. (CVE-2020-4375)

Summary An error was found within the Dynamic queue logic that could cause a memory leak and be exploited by an attacker to cause a denial of service attack. Vulnerability Details CVEID: CVE-2020-4375 DESCRIPTION: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could all...

CVE-2020-4375

CVE-2020-4375 describes a memory-leak DoS in IBM MQ family (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, 9.1 LTS) triggered by an error in dynamic queue creation. Connected documents confirm the root cause as a memory leak in dynamic queue handling and list affected versions ...

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service vulnerability (CVE-2020-4375)

Summary IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details CVEID: CVE-2020-4375 DESCRIPTION: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PHP vulnerability (USN-4375-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4375-1 advisory. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...