108 matches found
EUVD-2026-4409
The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2018-4409
A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8...
CVE-2009-4409
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack...
DLA-4409-1 paramiko - security update
Bulletin has no description...
CVE-2022-4409
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
Hikvision NVRs Devices HTTP Buffer Overflow (CVE-2015-4409)
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. This plugin only works with Tenable.ot. Please visit...
Moderate: Red Hat Security Advisory: linux-firmware security update
An update for linux-firmware is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this upda...
RHEL 8 : linux-firmware (RHSA-2024:4409)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4409 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: kernel: Reserved field...
CVE-2024-4409 WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery
The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a...
WordPress WP ViperGB Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP ViperGB; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4409; Patch priority: Low; CVSS severity: Low (4.3); PSID: ce16817d4da2; Credits: Benedictus Jovan aillesiM...
CVE-2013-4409
creationtimestamp | type | source
---|---|---
2024-02-04 08:36:57+00:00 | seen | https://t.me/ctinow/178718...
CVE-2023-4409
A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. T...
CVE-2023-4409 NBS&HappySoftWeChat unrestricted upload
A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. T...
CVE-2023-4409
CVE-2023-4409 affects NBS&HappySoftWeChat version 1.1.6. The vulnerability concerns unrestricted upload in an unknown functionality, enabling remote exploitation. Multiple connected sources confirm remote access and public disclosure of the exploit. The provided documents do not specify a fixed v...
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:4409)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4409 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connec...
CVE-2021-4409 WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery Bypass
The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed function. This makes it possible for unauthenticated attackers to delete an export...
CVE-2021-4409
The CVE concerns the WordPress plugin WooCommerce Etsy Integration. It is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 3.3.1, due to missing/incorrect nonce validation in the etcpf_delete_feed() function. This allows an unauthenticated attacker to delete an exp...
SUSE CVE-2008-4422
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-4409. Reason: This candidate is a duplicate of CVE-2008-4409. Notes: All CVE users should reference CVE-2008-4409 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2022-4409
creationtimestamp | type | source
---|---|---
2022-12-11 18:20:15+00:00 | seen | https://t.me/cibsecurity/54265...