80 matches found
CVE-2025-4386
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal....
EUVD-2026-4386
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion. This issue affects Omnipress: from n/a through <= 1.6.6...
DLA-4386-1 sogo - security update
Bulletin has no description...
CVE-2021-4386
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
CVE-2024-4386
The Gallery Block Meow Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4386 Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Gallery Block Meow Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-4386
CVE-2024-4386 affects the Gallery Block (Meow Gallery) WordPress plugin. The vulnerability is a Stored XSS via the data_atts parameter in versions up to 5.1.3, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher,...
openSUSE: Security Advisory for salt (SUSE-SU-2023:4386-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Rocky Linux 8 : gcc (RLSA-2021:4386)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4386 advisory. - The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an...
CVE-2023-4386 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...
Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our fu...
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: <= 4.2.0 Free and <= 1.1.0 Pro...
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: <= 4.2.0 Free and <= 1.1.0 Pro...
WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection
Software Essential Blocks Pro Type Plugin Vulnerable versions <= 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...
WordPress Intuitive Custom Post Order Plugin < 3.1.4 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:intuitivecustompostorderproject:intuitivecustompostorder";...
CVE-2021-4386
creationtimestamp | type | source
---|---|---
2023-07-01 07:16:00+00:00 | seen | https://t.me/cibsecurity/65850...
CVE-2021-4386
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
CVE-2021-4386
CVE-2021-4386 concerns the WordPress WP Security Question plugin. The vulnerability arises from missing/incorrect nonce validation in the plugin’s save() function, allowing unauthenticated attackers to modify plugin settings via forged requests if they can lure an administrator into clicking a li...
CVE-2021-4386 WP Security Question <= 1.0.5 - Cross-Site Request Forgery Bypass
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
CVE-2022-4386
creationtimestamp | type | source
---|---|---
2023-02-21 12:21:41+00:00 | seen | https://t.me/cibsecurity/58583
2023-11-26 01:39:22+00:00 | seen | https://t.me/arpsyndicate/581...