113 matches found

Cvelist
added last week | 26 views

CVE-2026-4387 Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2 CVSS | 0.00007 EPSS
Exploits 0 | References 2
CVE
added last week | 21 views

CVE-2026-4387

StrongDM Desktop Application prior to 23.74.0 (Desktop Client before 53.77.0) stores authentication state in cleartext in a per-user file C:\Users.sdm\state.kv, exposing a JSON Web Token and asymmetric key material. Access requires local read to the user profile and additional deployment/executio...

2 CVSS | 5.9 AI score | 0.00007 EPSS
Exploits 0 | References 2
OSV
added 2026/02/02 9:5 p.m. | 5 views

GO-2026-4387 SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE in github.com/siyuan-note/siyuan/kernel

SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE in github.com/siyuan-note/siyuan/kernel...

9.1 CVSS | 5.4 AI score | 0.00242 EPSS
Exploits 1 | References 2
EUVD
added 2026/01/23 2:25 p.m. | 2 views

EUVD-2026-4387

In the Linux kernel, the following vulnerability has been resolved: gve: defer interrupt enabling until NAPI registration Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause...

5.2 AI score | 0.00022 EPSS
Exploits 0 | References 4
RedhatCVE
added 2026/01/09 11:51 a.m. | 3 views

CVE-2009-4387

The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...

4.3 CVSS | 5.9 AI score | 0.00516 EPSS
Exploits 1 | References 1
Cvelist
added 2025/06/10 3:41 a.m. | 12 views

CVE-2025-4387 Abandoned Cart Pro for WooCommerce <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload

The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with...

8.8 CVSS | 0.00326 EPSS
Exploits 0 | References 3
CVE
added 2025/06/10 3:41 a.m. | 68 views

CVE-2025-4387

CVE-2025-4387 concerns the WordPress plugin Abandoned Cart Pro for WooCommerce, where versions up to and including 9.16.0 contain an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function. An attacker with subscrib...

8.8 CVSS | 7.5 AI score | 0.00326 EPSS
Exploits 0 | References 3
Patchstack
added 2025/06/09 7:16 p.m. | 5 views

WordPress Abandoned Cart Pro for WooCommerce plugin <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated (Subscriber+) Arbitrary File Upload vulnerability discovered by Phil Wylie mustardbees in WordPress Plugin Abandoned Cart Pro for WooCommerce versions <= 9.16.0...

8.8 CVSS | 6.7 AI score | 0.00326 EPSS
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-4387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This iss...

7.1 CVSS | 6.3 AI score | 0.00009 EPSS
Exploits 0 | References 3
OpenVAS
added 2024/03/04 12:0 a.m. | 31 views

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3684-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.4 AI score | 0.04259 EPSS
Exploits 3 | References 2
OpenVAS
added 2024/03/04 12:0 a.m. | 23 views

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:3683-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.4 AI score | 0.04259 EPSS
Exploits 3 | References 2
Circl
added 2024/02/28 3:41 p.m. | 1 views

CVE-2019-4387

creationtimestamp | type | source
---|---|---
2024-02-28 15:41:27+00:00 | seen | https://t.me/ctinow/195574...

8.8 CVSS | 6.9 AI score | 0.00339 EPSS
Exploits 0 | References 1
OpenVAS
added 2023/12/22 12:0 a.m. | 31 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3473)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 8.2 AI score | 0.0844 EPSS
Exploits 5 | References 2
OpenVAS
added 2023/12/14 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-3378)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS | 7.1 AI score | 0.00584 EPSS
Exploits 2 | References 2
Tenable Nessus
added 2023/11/10 12:0 a.m. | 18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : salt (SUSE-SU-2023:4387-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4387-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has...

6.7 CVSS | 7.1 AI score | 0.0006 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2023/11/07 12:0 a.m. | 24 views

Rocky Linux 8 : libssh (RLSA-2021:4387)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4387 advisory. - libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. (CVE-2020-16135) Note that Nessus has not tested for this issue but has...

5.9 CVSS | 6.6 AI score | 0.01407 EPSS
Exploits 1 | References 3
Oracle linux
added 2023/10/03 12:0 a.m. | 44 views

Unbreakable Enterprise kernel security update

4.1.12-124.79.2 - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free valis Orabug: 35814273 CVE-2023-4206 - net/sched: sch_qfq: account for stab overhead in qfq_enqueue Pedro Tammela Orabug: 35636291 CVE-2023-3611 - rds: Fix lack of reentrancy for connection reset with...

7.8 CVSS | 7.1 AI score | 0.32891 EPSS
Exploits 12
Tenable Nessus
added 2023/09/20 12:0 a.m. | 40 views

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3680-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3680-1 advisory. The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security...

7.8 CVSS | 7.5 AI score | 0.04259 EPSS
Exploits 0 | References 35
CBLMariner
added 2023/08/30 3:15 p.m. | 14 views

CVE-2023-4387 affecting package kernel for versions less than 5.15.126.1-1

CVE-2023-4387 affecting package kernel for versions less than 5.15.126.1-1. A patched version of the package is available...

7.1 CVSS | 7.3 AI score | 0.00009 EPSS
Exploits 0
OSV
added 2023/08/26 11:5 a.m. | 1 views

OESA-2023-1536 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the...

7.1 CVSS | 5.2 AI score | 0.00009 EPSS
Exploits 0 | References 3