EUVD-2026-4384

Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through = 1.0.8...

CVE-2018-4384

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, watchOS 5.1...

Debian: Security Advisory (DLA-4384-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-4384-1 samba - security update

Bulletin has no description...

CVE-2022-4384

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information...

CVE-2025-4384

creationtimestamp| type| source ---|---|--- 2025-05-06 16:21:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15154 2025-05-06 20:20:24+00:00| seen| https://t.me/cvedetector/24630...

CVE-2025-4384 Certificate validity not properly verified

The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client certificate reduces the risk for random devices to take...

CVE-2025-4384 Certificate validity not properly verified

The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client certificate reduces the risk for random devices to take...

CVE-2024-4384 CSSable Countdown <= 1.5 - Admin+ Stored XSS

The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-4384 CSSable Countdown <= 1.5 - Admin+ Stored XSS

The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress CSSable Countdown Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software CSSable Countdown Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4384 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5ddf21dac862 Credits Bob Matyas Required...

SUSE: Security Advisory (SUSE-SU-2023:4384-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rocky Linux 8 : bind (RLSA-2021:4384)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4384 advisory. - In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Editio...

CVE-2023-4384

creationtimestamp| type| source ---|---|--- 2023-08-17 00:36:47+00:00| seen| https://t.me/cibsecurity/68694...

CVE-2023-4384

The CVE-2023-4384 entry affects MaximaTech Portal Executivo, version 21.9.1.140, via the Cookie Handler component. The vulnerability enables missing encryption of sensitive data and is exploitable remotely. Reported attack complexity is high with no required user interaction, and exploitation is ...

RHEL 8 : openssh (RHSA-2023:4384)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4384 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

CVE-2021-4384

Summary: CVE-2021-4384 affects the WordPress Photo Gallery – Image Gallery plugin for WordPress. The vulnerability is a CSRF flaw caused by missing or incorrect nonce validation in load_images_thumbnail() and edit_gallery() functions, allowing unauthenticated attackers to edit galleries via forge...

CVE-2022-4384

creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:39+00:00| seen| https://t.me/cibsecurity/57584 2025-03-25 21:25:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8782...

CVE-2022-4384 Stream < 3.9.2 - Subscriber+ Alert Creation

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information...

CVE-2022-4384

CVE-2022-4384 affects the WordPress Stream plugin prior to 3.9.2. The root cause is broken access control that lets low-privilege users (e.g., subscribers) access alert creation, potentially leaking sensitive information. A fix is available in version 3.9.2; upgrading mitigates the issue. Multipl...