53 matches found

Circl
added 2026/05/27 8:21 p.m. | 4 views

CVE-2026-4390

creationtimestamp | type | source
---|---|---
2026-05-27 20:21:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmudh4gtow2i...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00044
Exploits: 0 | References: 1

Cvelist
added 2026/05/27 4:30 p.m. | 36 views

CVE-2026-4390 TeamSpeak 3 Server Connection State Management process_resend_queue use after free

A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to mitigate this issue...

CVSS: 5.5 | EPSS: 0.00044
Exploits: 0 | References: 5

EUVD
added 2026/01/23 2:25 p.m. | 1 views

EUVD-2026-4390

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info. In get_file_all_info, if vfs_getattr fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. Fix this by freeing the filename before returning...

AI score: 5.2 | EPSS: 0.00022
Exploits: 0 | References: 5

Tenable Nessus
added 2026/01/16 12:00 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004390)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004390 advisory. In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System...

CVSS: 4.4 | AI score: 6.5 | EPSS: 0.00056
Exploits: 0 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2009-1551

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00346
Exploits: 2 | References: 5

Tenable Nessus
added 2025/08/31 12:00 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-4390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00103
Exploits: 0 | References: 3

CVE
added 2025/08/12 2:24 a.m. | 24 views

CVE-2025-4390

CVE-2025-4390 affects the WordPress plugin WP Private Content Plus (versions up to 3.6.2). The vulnerability is a Sensitive Information Exposure via the validate_restrictions function, allowing unauthenticated attackers to extract sensitive data, including restricted posts on archive and feed pag...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00103
Exploits: 0 | References: 3

Debian CVE
added 2025/08/12 2:24 a.m. | 16 views

CVE-2025-4390

Removed by vendor...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00103
Exploits: 0

RedhatCVE
added 2025/05/23 12:33 a.m. | 5 views

CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

CVSS: 10 | AI score: 6.9 | EPSS: 0.00454
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 2:18 a.m. | 2 views

CVE-2013-4390

Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core org.apache.sling.auth.core bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a...

CVSS: 5.8 | AI score: 7 | EPSS: 0.01325
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 2:15 a.m. | 5 views

CVE-2012-4390

(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors...

CVSS: 4 | AI score: 6.5 | EPSS: 0.00199
Exploits: 1 | References: 1

Vulnrichment
added 2024/06/20 3:37 a.m. | 11 views

CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00392
Exploits: 0 | References: 3

Cvelist
added 2024/06/20 3:37 a.m. | 23 views

CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...

CVSS: 6.5 | EPSS: 0.00392
Exploits: 0 | References: 3

Patchstack
added 2024/06/19 12:00 a.m. | 9 views

WordPress Depicter Slider Plugin <= 3.0.2 is vulnerable to Broken Access Control

Software: Depicter Slider | Type: Plugin | Vulnerable versions: <= 3.0.2 | Fixed in: 3.1.0 | OWASP Top 10: A1: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2024-4390 | Patch priority: Low | CVSS severity: Low 4.3 | PSID: 56f1ad707b2c | Credits: Arkadiusz Hydzik | Required...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00392
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2023/10/31 2:15 p.m. | 7 views

CVE-2023-4390

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...

CVSS: 4.8 | AI score: 5 | EPSS: 0.00187
Exploits: 2 | References: 1

Vulnrichment
added 2023/10/31 1:54 p.m. | 5 views

CVE-2023-4390 Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...

AI score: 6.8 | EPSS: 0.00187
Exploits: 2 | References: 1

CVE
added 2023/10/31 1:54 p.m. | 39 views

CVE-2023-4390

Affected product: WordPress Popup box plugin (versions before 3.7.2). Vulnerability: admin+ stored cross-site scripting due to insufficient sanitization/escaping of certain Popup fields, enabling arbitrary script injection even when unfiltered_html is disallowed (notably in multisite setups). Imp...

CVSS: 4.8 | AI score: 4.9 | EPSS: 0.00187
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2023/10/31 12:00 a.m. | 6 views

WordPress Popup box Plugin < 3.7.2 is vulnerable to Cross Site Scripting (XSS)

Software: Popup box | Type: Plugin | Vulnerable versions: < 3.7.2 | Fixed in: 3.7.2 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-4390 | Patch priority: Low | CVSS severity: Low 5.9 | PSID: 4da53333beaa | Credits: Prasad Borvankar | Required...

CVSS: 4.8 | AI score: 6 | EPSS: 0.00187
Exploits: 2 | References: 3 | Affected Software: 1

Circl
added 2022/12/09 10:13 p.m. | 0 views

CVE-2022-4390

creationtimestamp | type | source
---|---|---
2022-12-09 22:13:38+00:00 | seen | https://t.me/cibsecurity/54245...

CVSS: 10 | AI score: 8.7 | EPSS: 0.00454
Exploits: 1 | References: 1

Cvelist
added 2022/12/09 12:00 a.m. | 12 views

CVE-2022-4390

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions...

AI score: 9.4 | EPSS: 0.00454
Exploits: 1 | References: 2