Oracle Linux 7 : freerdp (ELSA-2026-4471)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4471 advisory. - Fixed CVE-2026-22855 CVE-2026-22858 CVE-2026-22859 Orabug: 39075086 - fixed CVE-2026-23530 CVE-2026-23531 CVE-2026-23532 CVE-2026-23533 CVE-2026-2388...

CVE-2026-4471

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admineditemployee.php. Executing a manipulation of the argument FirstName can lead to sql injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-4471

creationtimestamp| type| source ---|---|--- 2026-03-20 06:38:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhhvsdgazz2d...

RHSA-2026:4471 Red Hat Security Advisory: freerdp security update

Bulletin has no description...

EUVD-2026-4471

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

MiracleLinux 4 : firefox-68.5.0-2.0.1.AXS4 (AXSA:2020-4471:05)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4471:05 advisory. Mozilla: Missing bounds check on shared memory read in the parent process CVE-2020-6796 Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox...

CVE-2022-4471

creationtimestamp| type| source ---|---|--- 2025-03-21 20:24:53+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8430...

WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection

Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.3.1 Fixed in 1.4.3.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4471 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID db21342544db Credits Francesco Carlucci Required privile...

CVE-2024-4471 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection

The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'exportcontent' function. This allows authenticated attackers, with contributor-level permissions and...

RHEL 8 : Release of OpenShift Serverless Client kn 1.29.1 (Moderate) (RHSA-2023:4471)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4471 advisory. Red Hat OpenShift Serverless Client kn 1.29.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.29.1. The kn CLI is delivered as an RPM...

CVE-2018-4471

Rejected reason: This candidate is unused by its CNA...

CVE-2023-4471

creationtimestamp| type| source ---|---|--- 2023-08-31 12:13:07+00:00| seen| https://t.me/cibsecurity/69528...

CVE-2023-4471

The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the startdate and enddate parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2023-4471

The Order Tracking Pro WordPress plugin is vulnerable to Reflected Cross-Site Scripting via start_date and end_date in versions up to 3.3.6 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject web scripts into pages executed when a user is tr...

WordPress Order Tracking Plugin <= 3.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Order Tracking Type Plugin Vulnerable versions = 3.3.6 Fixed in 3.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29d4142f0f03 Credits Marco Wotschka...

CVE-2022-4471 YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS

The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4471

CVE-2022-4471 affects the WordPress plugin YARPP (Yet Another Related Posts Plugin) prior to version 5.30.3 . The vulnerability arises because certain shortcode attributes are not validated/escaped before being output in a page/post, which could allow a user with the contributor role or higher to...

WordPress YARPP Plugin <= 5.30.2 is vulnerable to Cross Site Scripting (XSS)

Software YARPP Type Plugin Vulnerable versions = 5.30.2 Fixed in 5.30.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2022-4471 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 60c430d55f43 Credits István Márton Required...

Ubuntu: Security Advisory (USN-1079-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-1079-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...