52 matches found
WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery
The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the 'url' parameter in the get_remote_data.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...
CVE-2026-4399
creationtimestamp | type | source
---|---|---
2026-03-31 13:18:57+00:00 | seen | Telegram/JITBwt8Dx-6YeOa4-kB3D3uVT5le84WfrafpIhKwvPhvSA
2026-03-31 14:45:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mieg467si52j...
CVE-2026-4399
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
EUVD-2026-4399
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure. handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then returns early and the original...
Debian dla-4399 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4399 advisory. Debian LTS Advisory DLA-4399-1...
Debian: Security Advisory (DLA-4399-1)
The remote host is missing an update for the Debian...
CVE-2022-4399
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...
CVE-2024-4399
creationtimestamp | type | source
---|---|---
2025-03-13 03:36:38+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-4399.yaml
2025-03-13 21:02:08+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lkbyl6zw4a2s...
Linux Distros Unpatched Vulnerability : CVE-2022-4399
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. T...
CVE-2024-4399
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...
CVE-2024-4399
The WordPress CAS Theme (≤ 1.0.0) is affected by an SSRF vulnerability. The CVE-2024-4399 entry notes an SSRF flaw where a parameter is not validated before making a request, enabling unauthenticated SSRF. Nuclei/Nuclei templates specify SSRF via the get_remote_data.php script with a vulnerable u...
CVE-2024-4399 CAS <= 1.0.0 - Unauthenticated SSRF
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...
CVE-2019-4399
creationtimestamp | type | source
---|---|---
2024-01-29 08:41:15+00:00 | seen | https://t.me/ctinow/175105...
Grafana Enterprise Datasource Network Restrictions Bypass (CVE-2023-4399)
According to its self-reported version number, the version of Grafana Enterprise running on the remote host is a version 9.4.x prior to 9.4.17, 9.5.x prior to 9.5.13, 10.0.x prior to 10.0.9 or 10.1.x prior to 10.1.5. It is, therefore, affected by a restriction bypass vulnerability. In Grafana...
CVE-2023-4399
CVE-2023-4399 concerns a denial-of-service restriction-bypass in Grafana Enterprise’s Request security feature. The issue arises because the deny-list can be bypassed using punycode encoding of characters in the request address, enabling crafted requests to reach hosts that should be blocked. The...
CVE-2021-4399
CVE-2021-4399 affects the Edwiser Bridge WordPress plugin (versions up to and including 2.0.6). The root cause is missing or incorrect nonce validation in multiple internal functions: user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization()...
DEBIAN-CVE-2022-4399
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...
CVE-2022-4399
CVE-2022-4399 affects TicklishHoneyBee nodau; the vulnerability resides in src/db.c where manipulation of the argument value/name enables SQL injection. The issue is described as critical with potential impact on confidentiality, integrity, and availability. A patch is identified by the patch nam...
CVE-2022-4399 TicklishHoneyBee nodau db.c sql injection
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...