58 matches found
Debian: Security Advisory (DLA-4413-1)
The remote host is missing an update for the Debian...
Linux Distros Unpatched Vulnerability : CVE-2014-4413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption an...
WordPress Pixabay Images plugin <= 3.4 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated (Author+) Arbitrary File Upload vulnerability discovered by siavashvafshar in WordPress Plugin Pixabay Images versions <= 3.4...
CVE-2025-4413
The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabayupload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary...
CVE-2021-4413
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...
Important: Red Hat Security Advisory: pki-core security update
An update for pki-core is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 9 : pki-core (RHSA-2024:4413)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4413 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: dogtag ca: token...
CVE-2024-4413
The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugi...
CVE-2024-4413 Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection
The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugi...
WordPress Hotel Booking Lite Plugin <= 4.11.1 is vulnerable to PHP Object Injection
Software: Hotel Booking Lite; Type: Plugin; Vulnerable versions: <= 4.11.1; Fixed in: 4.11.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4413; Patch priority: High; CVSS severity: High 9; PSID: f9d7cef7773f; Credits: Trinh Vu Sonicrrrr; Required privilege...
Rocky Linux 8 : tpm2-tools (RLSA-2021:4413)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4413 advisory. - A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM...
CVE-2023-4413
Summary: CVE-2023-4413 concerns the rkhunter (Rootkit Hunter) vulnerability affecting versions 1.4.4–1.4.6. It targets an unknown function in /var/log/rkhunter.log, allowing manipulation that can reveal sensitive information in log files. Exploitation is described as locally accessible with high co...
RHEL 8 : openssh (RHSA-2023:4413)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4413 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...
CVE-2021-4413 Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...
CVE-2021-4413
The CVE-2021-4413 entry concerns the WordPress Process Steps Template Designer plugin. Affected component: the plugin’s save() function. Root cause: missing or incorrect nonce validation enables Cross-Site Request Forgery (CSRF). Impact: unauthenticated attackers can save field icons via forged r...
CVE-2022-4413
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13...
CVE-2022-4413 Cross-site Scripting (XSS) - Reflected in nuxt/framework
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13...
CVE-2022-4413
The CVE-2022-4413 issue concerns the Nuxt.js framework (nuxt/framework) prior to version 3.0.0-rc.13, where a reflected XSS vulnerability exists in the handling of error/stack traces. The root cause is unsafe rendering of stack traces (via v-html/$stack) in error templates, allowing an attacker t...