92 matches found
GHSA-F577-QRJJ-4474 vulnerabilities
Vulnerabilities for packages: kibana...
CVE-2021-4474
creationtimestamp| type| source
---|---|---
2026-03-26 20:25:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhygqwfvmb2s...
MINI-JJHW-CG85-4474
Bulletin has no description...
DLA-4474-1 rlottie - security update
Bulletin has no description...
CVE-2023-4474
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...
CVE-2025-4474
creationtimestamp| type| source
---|---|---
2025-05-13 07:30:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16081
2025-05-13 08:47:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp23xraf342w
2025-05-13 11:21:39+00:00| seen| https://t.me/cvedetector/25173
2025-06-25...
CVE-2025-4474 Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the...
CVE-2025-4474
CVE-2025-4474 affects the WordPress Frontend Dashboard plugin (versions 1.0–2.2.7). A missing capability check in fed_admin_setting_form_function() allows authenticated users with Subscriber+ to overwrite the plugin’s register role, elevating privileges to administrator. Public references in Word...
WordPress Frontend Dashboard 1.0-2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Dashboard versions 1.0-2.2.7...
CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Logs Book | Type: Plugin | Vulnerable versions: <= 1.0.1 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-4474 | Patch priority: Low | CVSS severity: Low (5.4) | PSID: ac6aad694797 | Credits: Bob Matyas | Required...
CVE-2023-4474
creationtimestamp| type| source
---|---|---
2023-12-01 13:01:05+00:00| seen| https://t.me/truesecator/5152
2023-12-01 17:29:09+00:00| seen| https://t.me/itsecnews/3752
2023-12-06 16:44:37+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/8091
2023-12-06 22:13:25+00:00| seen|...
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 CVSS...
CVE-2023-4474
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...
CVE-2023-4474
CVE-2023-4474 affects Zyxel NAS326 and NAS542 devices. The root cause is improper neutralization of special elements in the WSGI server, allowing an unauthenticated attacker to execute OS commands by sending a crafted URL. Affected firmwares: NAS326 up to V5.21(AAZF.14)C0 and NAS542 up to V5.21(A...
CVE-2023-4474
The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...
CVE-2022-4474 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS
The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4474
The CVE-2022-4474 entry affects the Easy Social Feed WordPress plugin (versions prior to 6.4.0). The issue is a failure to validate and escape certain shortcode attributes, causing Stored XSS that can be triggered by low-privilege users (contributor) and exploited against higher-privilege users (...
Mageia: Security Advisory (MGASA-2013-0332)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2015:1528-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...