109 matches found

Circl
added 2026/03/20 4:26 p.m., 0 views

CVE-2026-4486

creationtimestamp | type | source
---|---|---
2026-03-20 16:26:05+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhiwm2srxj2u
2026-03-20 21:00:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjfxjuo7i2n
2026-03-20 21:22:50+00:00 | seen | ...

CVSS: 9, AI score: 8.1, EPSS: 0.00106
Exploits: 1, References: 5
NVD
added 2026/03/20 2:16 p.m., 1 views

CVE-2026-4486

A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The explo...

CVSS: 9, EPSS: 0.00106
Exploits: 1, References: 7
OSV
added 2026/02/20 12:0 a.m., 2 views

DLA-4486-1 nova - security update

Bulletin has no description...

CVSS: 8.2, AI score: 4.9, EPSS: 0.00019
Exploits: 0
EUVD
added 2026/01/23 3:31 a.m., 2 views

EUVD-2026-4486

Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the...

CVSS: 7.8, AI score: 6.4, EPSS: 0.00146
Exploits: 0, References: 3
Circl
added 2025/07/24 1:36 p.m., 0 views

RHSA-2024:4486

creationtimestamp | type | source
---|---|---
2025-07-24 13:36:22+00:00 | seen | Telegram/GCTI22YP1CSYMpL-V3OiPdnPXzKD3Fjy8IUdp0zDr1mxfY...

AI score: 4.8
Exploits: 0
RedhatCVE
added 2025/05/22 10:34 p.m., 4 views

CVE-2022-4486

The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00252
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 2:32 a.m., 6 views

CVE-2012-4486

Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors...

CVSS: 6.8, AI score: 7.7, EPSS: 0.00142
Exploits: 0, References: 1
Circl
added 2025/05/09 10:1 p.m., 19 views

CVE-2025-4486

creationtimestamp | type | source
---|---|---
2025-05-09 22:01:56+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lor7jed4m4a2
2025-05-09 22:30:58+00:00 | published-proof-of-concept | Telegram/-FSytdz-B3MQuFO8RZfSO4jPAWx-8JuShz-w-b65AWDPvJk...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00204
Exploits: 1, References: 4
Vulnrichment
added 2025/05/09 7:31 p.m., 5 views

CVE-2025-4486 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=deleteplan. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has bee...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00204
Exploits: 1, References: 5
Cvelist
added 2025/05/09 7:31 p.m., 16 views

CVE-2025-4486 itsourcecode Gym Management System ajax.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=deleteplan. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has bee...

CVSS: 7.5, EPSS: 0.00204
Exploits: 1, References: 5
CVE
added 2025/05/09 7:31 p.m., 48 views

CVE-2025-4486

CVE-2025-4486 affects itsourcecode Gym Management System 1.0. The issue is an SQL injection in the endpoint /ajax.php?action=delete_plan caused by manipulation of the ID parameter, with remote feasibility and public disclosure noted. Multiple sources corroborate the vulnerability and classify ris...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00204
Exploits: 1, References: 5, Affected Software: 1
Circl
added 2025/04/07 5:45 p.m., 1 views

CVE-2022-4486

creationtimestamp | type | source
---|---|---
2025-04-07 17:45:27+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10740...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00252
Exploits: 2, References: 1
Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2016-4486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users t...

CVSS: 3.3, AI score: 6.1, EPSS: 0.0052
Exploits: 4, References: 3
Tenable Nessus
added 2024/07/17 12:0 a.m., 17 views

RHEL 8 / 9 : OpenShift Container Platform 4.13.45 (RHSA-2024:4486)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4486 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

CVSS: 8.1, AI score: 7.7, EPSS: 0.01705
Exploits: 0, References: 4
Patchstack
added 2024/05/23 12:0 a.m., 10 views

WordPress Awesome Contact Form7 for Elementor Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software: Awesome Contact Form7 for Elementor
Type: Plugin
Vulnerable versions: = 2.9
Fixed in: 3.0
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-4486
Patch priority: Low
CVSS severity: Low 6.5
Developer: Claim ownership
PSID: 0628b239f9f2
Credits...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00361
Exploits: 0, References: 3, Affected Software: 1
Circl
added 2024/01/27 11:11 a.m., 2 views

CVE-2019-4486

creationtimestamp | type | source
---|---|---
2024-01-27 11:11:47+00:00 | seen | https://t.me/ctinow/174736...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00211
Exploits: 0, References: 1
Tenable Nessus
added 2023/12/14 12:0 a.m., 28 views

Johnson Controls Metasys and Facility Explorer Uncontrolled Resource Consumption (CVE-2023-4486)

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. This...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00171
Exploits: 0, References: 3
Cvelist
added 2023/12/07 7:55 p.m., 21 views

CVE-2023-4486 Uncontrolled Resource Consumption in Metasys and Facility Explorer

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00171
Exploits: 0, References: 2
Vulnrichment
added 2023/12/07 7:55 p.m., 4 views

CVE-2023-4486 Uncontrolled Resource Consumption in Metasys and Facility Explorer

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...

CVSS: 7.5, AI score: 7, EPSS: 0.00171
Exploits: 0, References: 2
CVE
added 2023/12/07 7:55 p.m., 40 views

CVE-2023-4486

Summary (CVE-2023-4486) : Johnson Controls Metasys and Facility Explorer are affected by an Uncontrolled Resource Consumption vulnerability. Under certain circumstances, invalid authentication credentials can be sent to the login endpoint of affected engines to cause denial-of-service. Affected p...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00171
Exploits: 0, References: 2, Affected Software: 1