
84 matches found

RedhatCVE
added 2026/04/09 7:23 p.m., 3 views

CVE-2026-4498

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 1
Circl
added 2026/04/08 7:9 p.m., 2 views

CVE-2026-4498

creationtimestamp | type | source
---|---|---
2026-04-08 19:09:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miyylbxgtj2o
2026-04-08 23:32:47+00:00 | seen | Telegram/ZztUGlJiiCH0mZAuu7v3RF9KN1NNH1hWH4kt4dDN5ep1QI
2026-04-09 09:00:49+00:00 | seen |...

CVSS 7.7 | AI score 4.8 | EPSS 0.00063
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/08 4:38 p.m., 1 views

CVE-2026-4498

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/08 4:38 p.m., 2 views

CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 1
OpenVAS
added 2026/03/16 12:0 a.m., 3 views

Debian: Security Advisory (DLA-4498-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 6.4 | EPSS 0.00079
Exploits: 0 | References: 2
EUVD
added 2026/01/23 12:31 a.m., 3 views

EUVD-2026-4498

EUVD-2026-4498...

CVSS 7.4 | AI score 5.3 | EPSS 0.00124
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 2:32 a.m., 6 views

CVE-2012-4498

The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact...

CVSS 7.5 | AI score 7.4 | EPSS 0.00286
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/12 10:24 a.m., 14 views

CVE-2025-4498

A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. Affected is the function a::install of the component Install Bus. The manipulation of the argument bus leads to stack-based buffer overflow. It is possible to launch the attack on the local...

CVSS 7.8 | AI score 7 | EPSS 0.00081
Exploits: 1 | References: 1
Circl
added 2025/05/10 10:19 a.m., 21 views

CVE-2025-4498

creationtimestamp | type | source
---|---|---
2025-05-10 10:19:36+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lospphwr3tp2
2025-05-10 10:26:20+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15887
2025-05-10...

CVSS 7.8 | AI score 5.4 | EPSS 0.00081
Exploits: 1 | References: 4
NVD
added 2025/05/10 10:15 a.m., 16 views

CVE-2025-4498

A vulnerability classified as critical has been found in code-projects Simple Bus Reservation System 1.0. Affected is the function a::install of the component Install Bus. The manipulation of the argument bus leads to stack-based buffer overflow. It is possible to launch the attack on the local...

CVSS 7.8 | EPSS 0.00081
Exploits: 1 | References: 5
NVD
added 2024/06/25 8:15 p.m., 9 views

CVE-2024-4498

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /applysettings function, allowing an attacker to manipulate the discussiondbname...

CVSS 7.7 | EPSS 0.00135
Exploits: 1 | References: 1
Vulnrichment
added 2024/06/25 7:55 p.m., 10 views

CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /applysettings function, allowing an attacker to manipulate the discussiondbname...

CVSS 7.7 | AI score 8.2 | EPSS 0.00135
Exploits: 1 | References: 1
Tenable Nessus
added 2024/02/08 12:0 a.m., 27 views

CentOS 8 : dbus (CESA-2023:4498)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:4498 advisory. - D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the...

CVSS 6.5 | AI score 6.6 | EPSS 0.0094
Exploits: 1 | References: 2
Circl
added 2023/09/06 8:17 p.m., 0 views

CVE-2023-4498

creationtimestamp | type | source
---|---|---
2023-09-06 20:17:47+00:00 | seen | https://t.me/cibsecurity/70017...

CVSS 5.3 | AI score 5.8 | EPSS 0.00189
Exploits: 0 | References: 1
CVE
added 2023/09/06 4:13 p.m., 70 views

CVE-2023-4498

CVE-2023-4498 affects the Tenda N300 Wireless N VDSL2 Modem Router. A crafted request containing a whitelisted keyword in the URL can bypass authentication, letting a remote, unauthenticated attacker access pages that should require authentication and potentially read sensitive information (e.g.,...

CVSS 5.3 | AI score 5.6 | EPSS 0.00189
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/09/06 4:13 p.m., 17 views

CVE-2023-4498 Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only...

AI score 6.8 | EPSS 0.00189
Exploits: 0 | References: 1
Tenable Nessus
added 2023/08/07 12:0 a.m., 19 views

RHEL 8 : dbus (RHSA-2023:4498)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4498 advisory. D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session...

CVSS 6.5 | AI score 6.8 | EPSS 0.0094
Exploits: 1 | References: 5
CERT
added 2023/01/17 12:0 a.m., 34 views

Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2

Overview: TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible to two vulnerabilities: 1. A buffer overflow during HTTP Basic Authentication allowing a remote attacker to corrupt memory allocated on a he...

CVSS 9.8 | AI score 9.3 | EPSS 0.01151
Exploits: 0
CVE
added 2023/01/11 8:38 p.m., 97 views

CVE-2022-4498

CVE-2022-4498 affects TP-Link WR710N-V1-151022 and Archer C5-V2-160201 via the httpd daemon. A crafted HTTP Basic Authentication input can trigger a heap overflow in httpd, yielding either a DoS (crash) or arbitrary code execution on affected devices. Public sources (CERT/CC and NVD entries) corr...

CVSS 9.8 | AI score 9.7 | EPSS 0.01151
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2023/01/11 8:38 p.m., 7 views

CVE-2022-4498 A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

AI score 9.7 | EPSS 0.01151
Exploits: 0 | References: 1