Lucene search
K

76 matches found

OSV
OSV
added 2026/06/05 3:55 a.m.4 views

MINI-4388-V598-299W

Bulletin has no description...

9.1CVSS5.2AI score0.00457EPSS
Exploits0
Circl
Circl
added 2026/04/14 4:44 a.m.6 views

CVE-2026-4388

creationtimestamp| type| source ---|---|--- 2026-04-14 04:44:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjgl2haur22z 2026-04-14 05:17:21+00:00| seen| Telegram/VN5qpdZvC1XQa0kocwrxs34zDP5KgO9HhvqtOghSHVfgqA...

7.2CVSS4.8AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 9:4 p.m.1 views

MINI-76WR-4388-759F

Bulletin has no description...

6.7CVSS5AI score0.00434EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:55 a.m.3 views

CVE-2018-4388

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1...

4.6CVSS6.5AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:58 p.m.8 views

CVE-2008-4388

The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods...

9.3CVSS8AI score0.37721EPSS
Exploits9References1
CVE
CVE
added 2025/05/06 6:1 p.m.111 views

CVE-2025-4388

Liferay Portal/DXP CVE-2025-4388 is a reflected XSS affecting Portal 7.4.0–7.4.3.131 and DXP 2024.Q1.1–Q4.5 across multiple 2024 releases up to 7.4 GA with update 92. The vulnerability allows a remote, unauthenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app...

6.9CVSS5.6AI score0.03446EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/05/06 6:1 p.m.31 views

CVE-2025-4388

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...

6.9CVSS0.03446EPSS
Exploits0References1
NVD
NVD
added 2024/05/23 6:15 a.m.19 views

CVE-2024-4388

This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server...

7.5CVSS6.7AI score0.00719EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/23 6:0 a.m.23 views

CVE-2024-4388 CAS <= 1.0.0 - Unauthenticated Arbitrary File Access

This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server...

6.7AI score0.00719EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/23 6:0 a.m.11 views

CVE-2024-4388 CAS <= 1.0.0 - Unauthenticated Arbitrary File Access

This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server...

7.3AI score0.00719EPSS
Exploits1References1
CVE
CVE
added 2024/05/23 6:0 a.m.89 views

CVE-2024-4388

CVE-2024-4388 affects the WordPress CAS plugin (versions &lt;= 1.0.0). The vulnerability arises from a failure to validate a user-supplied path when downloading files, enabling an unauthenticated attacker to download arbitrary server files via endpoints like download.php?path=.... Several connect...

7.5CVSS7.6AI score0.00719EPSS
Exploits1References1
Circl
Circl
added 2023/12/11 1:11 a.m.7 views

CVE-2021-4388

creationtimestamp| type| source ---|---|--- 2023-12-11 01:11:52+00:00| seen| https://t.me/arpsyndicate/1684...

5.3CVSS5.5AI score0.0073EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/11/10 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2023:4388-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS7.3AI score0.00187EPSS
Exploits0References7
Circl
Circl
added 2023/10/17 12:32 a.m.5 views

CVE-2023-4388

creationtimestamp| type| source ---|---|--- 2023-10-17 00:32:22+00:00| seen| https://t.me/cibsecurity/72354...

4.8CVSS4.9AI score0.00402EPSS
Exploits2References1
CVE
CVE
added 2023/10/16 7:39 p.m.50 views

CVE-2023-4388

CVE-2023-4388 (EventON WordPress plugin) affects WordPress EventON versions prior to 2.2. The vulnerability arises from insufficient sanitization/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The...

4.8CVSS4.7AI score0.00402EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/10/16 7:39 p.m.50 views

CVE-2023-4388 EventON < 2.2 - Admin+ Stored XSS

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00402EPSS
Exploits2References1
CVE
CVE
added 2023/07/01 4:26 a.m.36 views

CVE-2021-4388

The CVE-2021-4388 entry concerns the Opal Estate plugin for WordPress, vulnerable up to version 1.6.11 due to missing capability checks in opalestate_set_feature_property() and opalestate_remove_feature_property(). This flaw allows unauthenticated attackers to set or remove featured properties. T...

5.3CVSS5.2AI score0.0073EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.3 views

SUSE CVE-2013-4388

Buffer overflow in the mp4a packetizer modules/packetizer/mpeg4audio.c in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors...

6.8CVSS7.8AI score0.03782EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.20 views

Mageia: Security Advisory (MGASA-2014-0296)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.3AI score0.03782EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2012:1210-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.10173EPSS
Exploits0References2
Rows per page
Query Builder