61 matches found
CVE-2026-4407
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...
CVE-2018-4407
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...
CVE-2025-4407
Insufficient Session Expiration vulnerability in ABB Lite Panel Pro. This issue affects Lite Panel Pro: through 1.0.1...
CVE-2025-4407 Application does not invalidate session after password reset
Insufficient Session Expiration vulnerability in ABB Lite Panel Pro. This issue affects Lite Panel Pro: through 1.0.1...
CVE-2025-4407
The CVE-2025-4407 entry concerns ABB Lite Panel Pro with an Insufficient Session Expiration flaw affecting versions up to and including 1.0.1. The issue, with adjacent network attack vector, low privileges required, and user interaction needed, could compromise confidentiality and integrity, unde...
CVE-2021-4407
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...
phpMyFAQ 3.1.7 Cross Site Scripting
phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Versio...
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 3.1.7 Tested on: Ubuntu Windows CVE : CVE-2022-4407 PoC: Get:...
Hikvision NVRs Devices HTTP Buffer Overflow (CVE-2015-4407)
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. This plugin only works with Tenable.ot. Please visit...
CVE-2024-4407
creationtimestamp | type | source
---|---|---
2024-05-31 10:18:19+00:00 | seen | https://t.me/HackingInsights/1273...
CVE-2024-4407
CVE-2024-4407 is a privilege-escalation vulnerability in TIBCO Managed File Transfer Platform Server for Unix and z/Linux. Affected versions are Unix: 8.0.0–8.1.1 and z/Linux: 8.0.0–8.1.1. The issue allows a Platform Server client to bypass authentication and transfer files as root or execute com...
TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407
TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...
Mageia: Security Advisory (MGASA-2024-0127)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated perl-HTTP-Body packages fix security vulnerability
HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume...
Malicious code in wlwz-2312-4407 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df9d811761c339838ad9807f64f36ccc17684895d80db348781e070274bc54a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Credit Lite 1.5.4 SQL Injection Vulnerability
Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4407...
CVE-2023-4407
creationtimestamp | type | source
---|---|---
2023-08-18 16:38:12+00:00 | seen | https://t.me/cibsecurity/68827...
CVE-2023-4407
CVE-2023-4407 affects Codecanyon Credit Lite 1.5.4. The vulnerability resides in the POST /portal/reports/account_statement endpoint, where manipulated date1/date2 parameters enable SQL injection. Exploitation is described as remotely possible via the affected endpoint; multiple sources corrobora...