MINI-CJP4-4392-QC34
Bulletin has no description...
CVE-2026-4392
creationtimestamp | type | source
---|---|---
2026-05-27 20:11:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmucv7e3b52p...
EUVD-2026-4392
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data. This issue affects WP FullCalendar: from n/a through <= 1.6...
Linux Distros Unpatched Vulnerability : CVE-2018-4392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari...
CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file function. This...
CVE-2025-4392
The CVE-2025-4392 entry concerns the WordPress plugin Shared Files – Frontend File Upload Form & Secure File Sharing. Affected versions: up to 1.7.48. Root cause: insufficient input sanitization and output escaping in the sanitize_file() function, allowing unauthenticated stored XSS via html file...
CVE-2025-4392
creationtimestamp | type | source
---|---|---
2025-06-03 05:07:12+00:00 | seen | https://bsky.app/profile/undercode.bsky.social/post/3lqojh7urjl2q...
WordPress Shared Files plugin <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function vulnerability
Unauthenticated Stored Cross-Site Scripting via sanitize_file Function vulnerability discovered by Martin Martin in WordPress Plugin Shared Files versions <= 1.7.48...
CVE-2022-4392
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2019-4392
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system...
Linux Distros Unpatched Vulnerability : CVE-2013-4392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on...
SUSE: Security Advisory (SUSE-SU-2024:4392-1)
The remote host is missing an update for the...
RHEL 7 : systemd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary file...
CVE-2024-4392
CVE-2024-4392 affects the Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin. The vulnerability is a Stored Cross-Site Scripting flaw in the plugin’s wpvideo shortcode present in all versions up to and including 13.3.1, caused by insufficient input sanitization and output escaping on...
CVE-2023-4392
CVE-2023-4392 affects Control iD Gerencia Web 1.30, specifically the Cookie Handler component, causing cleartext storage of sensitive information. The vulnerability can be exploited remotely with high attack complexity, and exploitation has been disclosed publicly. There is no patch version state...
CVE-2021-4392
CVE-2021-4392 affects the WordPress plugin “eCommerce Product Catalog” (versions up to and including 2.9.43). Root cause: missing or incorrect nonce validation in the implecode_save_products_meta() function, enabling CSRF. Impact: unauthenticated attackers can save product meta data by tricking a...
CVE-2022-4392 iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-4392
Product: iPanorama 360 WordPress Virtual Tour Builder plugin (= 1.6.30) or apply vendor advisories/workarounds. Notes: Public PoCs exist demonstrating the Stored XSS behavior; exploitation details are documented in multiple sources (e.g., WPScan, PT Security, Red Hat CVE pages).
CVE-2019-4392
CVE-2019-4392 affects HCL AppScan Standard Edition (version 9.0.3.13 and earlier). The underlying issue is hard-coded credentials in the product, enabling attackers to gain unauthorized access. CVSS indicates high/critical impact (C/H, I/H, A/H) with network attack vector and no user interaction....
CVE-2018-4392
CVE-2018-4392 refers to multiple memory corruption issues in Apple products that were addressed by improved memory handling. Public details show impact on iOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows before the corresponding patches. Affected versions (per sources) include iOS < ...