74 matches found
EUVD-2026-4436
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this...
CVE-2024-4436

creationtimestamp | type | source
---|---|---
2025-08-30 15:22:53+00:00 | seen | Telegram/p-uXN6gZJLAP6EkjusTE4SeCbSQcOa-8bVO72qXEyD9-CMQ...

RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2024:3467)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3467 advisory. A highly-available key value store for shared configuration. Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...
RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory. A highly-available key value store for shared configuration. Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...
CVE-2024-4436
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...
CVE-2024-4436
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...
VulnCheck KEV: CVE-2021-4436
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file to be...
CVE-2021-4436

creationtimestamp | type | source
---|---|---
2024-02-05 10:31:57+00:00 | seen | https://t.me/ctinow/179108
2024-02-29 08:47:11+00:00 | seen | https://t.me/ctinow/196352
2024-02-29 21:07:52+00:00 | published-proof-of-concept | https://t.me/breachdetector/456754
2024-04-16 22:08:35+00:00 | ...

CVE-2021-4436
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file to be access...
CVE-2021-4436 3DPrint Lite < 1.9.1.5 - Unauthenticated Arbitrary File Upload
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file to be access...
CVE-2021-4436
The CVE-2021-4436 entry corresponds to the WordPress plugin 3DPrint Lite, affected versions prior to 1.9.1.5. The vulnerability is an unauthenticated arbitrary file upload via the p3dlite_handle_upload AJAX action, caused by missing authorization and file validation. The presence of a .htaccess d...
CVE-2023-4436

creationtimestamp | type | source
---|---|---
2023-08-21 02:53:35+00:00 | seen | https://t.me/cibsecurity/68869...

CVE-2023-4436 SourceCodester Inventory Management System edit_update.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to SQL injection. The attack may be initiated...
CVE-2023-4436
CVE-2023-4436 affects SourceCodester Inventory Management System 1.0. The vulnerability arises from unsafe handling in the file app/action/edit_update.php where manipulating the user_id parameter leads to SQL injection. It is a network-accessible issue with no required user interaction. Impact pe...
Security fix for the ALT Linux 10 package yandex-browser-stable version 23.1.2.1033-alt1
23.1.2.1033-alt1 built April 4, 2023 Yandex Browser Team in task 317282 March 20, 2023 Yandex Browser Team - browser updated to 23.1.2 + High CVE-2022-4436: Use after free in Blink Media. + High CVE-2022-4437: Use after free in Mojo IPC. + High CVE-2022-4438: Use after free in Blink Frames. + Hig...
K93135205: Apache Struts 2 vulnerability CVE-2016-4436
Security Advisory Description Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. CVE-2016-4436 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...
SUSE CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
openSUSE 15 Security Update : opera (openSUSE-SU-2022:10254-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10254-1 advisory. - Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a...
Mageia: Security Advisory (MGASA-2022-0480)
The remote host is missing an update for the...
MGASA-2022-0480 Updated chromium-browser-stable packages fix security vulnerability
The chromium-browser-stable package has been updated to the 108.0.5359.124 release, fixing 8 vulnerabilities. Some of the security fixes are ... High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 High CVE-2022-4437: Use after free in Mojo IPC. Reported by...