79 matches found
EUVD-2026-4414
Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor w...
CVE-2025-4414
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through 2.5.7...
CVE-2025-4414
creationtimestamp | type | source
---|---|---
2025-07-04 13:03:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lt5cjppfhb2p...
CVE-2025-4414 WordPress CMSMasters Content Composer plugin < 2.5.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through 2.5.7...
CVE-2025-4414
CVE-2025-4414 concerns the WordPress CMSMasters Content Composer plugin. The vulnerability is an improper control of the filename used in Include/Require, enabling PHP Local File Inclusion (LFI) due to insufficient filtering of local file resource calls in CMSMasters Content Composer. Affected pr...
CVE-2025-4414 WordPress CMSMasters Content Composer < 2.5.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through n/a...
CVE-2018-4414
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2005-4414
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."...
SUSE: Security Advisory (SUSE-SU-2024:4414-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:4414-1)
The remote host is missing an update for the...
CVE-2023-4414
creationtimestamp | type | source
---|---|---
2023-08-18 20:38:24+00:00 | seen | https://t.me/cibsecurity/68836...
CVE-2023-4414
The CVE-2023-4414 entry concerns Byzoro/Beijing Baichuo Smart S85F Management Platform up to 20230807. Affected component: /log/decodmail.php. Issue: manipulation of the file argument leads to remote command injection. Impact is described as critical with high confidentiality, integrity, and avai...
CVE-2023-4414 Byzoro Smart S85F Management Platform decodmail.php command injection
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to command injection. The attack can be...
CVE-2021-4414
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails function. This makes it possible for unauthenticated attackers to generat...
CVE-2021-4414
The CVE concerns the WordPress plugin Abandoned Cart Lite for WooCommerce. It is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 5.8.5, caused by missing/incorrect nonce validation in the function wcal_preview_emails(). This allows unauthenticated attackers to ge...
Link Preload XSS bypass
Description: Link preloads still do not effectively confirm if the requested link is external. This is a bypass to the fix for CVE-2022-4414. Root Cause: The getPayloadURL function was adapted after the disclosure to use the browser's built-in URL parser to properly check for a valid URL. This is a...
CVE-2022-4414 Cross-site Scripting (XSS) - DOM in nuxt/framework
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13...
CVE-2022-4414 Cross-site Scripting (XSS) - DOM in nuxt/framework
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13...
CVE-2022-4414
CVE-2022-4414 is a DOM-based XSS in Nuxt.js / nuxt/framework prior to v3.0.0-rc.13. The issue stems from the _getPayloadURL path, where URL parsing and host/params checks can be bypassed, enabling a crafted URL to execute injected JavaScript on prerendered sites. Public details consistently descr...
CVE-2022-4414 Cross-site Scripting (XSS) - DOM in nuxt/framework
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13...