101 matches found
CVE-2026-4402
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-08 04:16:42+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4402 |
| 2026-04-08 14:22:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miyikiheiv2q... |
EUVD-2026-4402
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again. A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption in the guest under specific circumstances. Add the missing checks...
MiracleLinux 4 : gnupg2-2.0.14-6.AXS4 (AXSA:2014-005:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-005:01 advisory. GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanc...
MiracleLinux 3 : gnupg-1.4.5-18.AXS3 (AXSA:2013-679:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2013-679:01 advisory. GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is...
Debian: Security Advisory (DLA-4402-1)
The remote host is missing an update for the Debian...
MAL-2024-568 Malicious code in wlwz-2312-4402 (npm)
Source: ghsa-malware 7e795a571ad681e41aee120f0daf66190de29fc9ce965f42f284d1d7299d8750 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-4402 (npm)
Source: ghsa-malware 7e795a571ad681e41aee120f0daf66190de29fc9ce965f42f284d1d7299d8750 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4402
| creationtimestamp | type | source |
|---|---|---|
| 2023-10-20 12:35:21+00:00 | seen | https://t.me/cibsecurity/72661... |
CVE-2023-4402
The WordPress Essential Blocks plugin (versions up to and including 4.2.0) is affected by a PHP Object Injection via deserialization of untrusted input in the get_products/get_posts path. The vulnerability allows unauthenticated attackers to inject a PHP Object; exploitation may enable deletion o...
CVE-2023-4402 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...
Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our fu...
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...
WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection
Software: Essential Blocks for Gutenberg; Type: Plugin; Vulnerable versions: <= 4.2.0; Fixed in: 4.2.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-4402; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: 12450c59ad4b; Credits: Marco Wotschka; Required...
CVE-2021-4402 Multiple Roles <= 1.3.1 - Cross-Site Request Forgery Bypass
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta and mu_add_roles_in_signup_meta_recently functions. This makes it possible for unauthenticated...
CVE-2021-4402
The CVE-2021-4402 entry describes a CSRF vulnerability in the WordPress Multiple Roles plugin up to version 1.3.1 due to missing or incorrect nonce validation in mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently(). Unauthenticated attackers could coerce an administrator into ...
CVE-2022-4402
CVE-2022-4402 affects RainyGao DocSys 2.02.37, specifically the ZIP File Decompression Handler. The issue is a path traversal vulnerability triggered by using "../filedir" that can be exploited remotely. Multiple sources confirm the exploit has been publicly disclosed, and the vulnerability is la...
Ubuntu: Security Advisory (USN-1987-1)
The remote host is missing an update for the...
Slackware: Security Advisory (SSA:2013-287-01)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2013-0303)
The remote host is missing an update for the...