EUVD-2026-4520

Malicious code in tabletes PyPI...

CVE-2009-4520

The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path...

CVE-2011-4520

Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page...

CVE-2010-4520

Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...

CVE-2025-4520

creationtimestamp| type| source ---|---|--- 2025-05-14 05:56:06+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp4ctsa27uc2 2025-05-14 06:07:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp4dip5uvv2h...

CVE-2025-4520 Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to...

CVE-2025-4520 Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to...

WordPress Uncanny Automator plugin <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Plugin Settings Update vulnerability discovered by mikemyers in WordPress Plugin Uncanny Automator versions = 6.4.0.2...

Linux Distros Unpatched Vulnerability : CVE-2013-4520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service crash via a stylesheet that embeds a DTD, which causes a structu...

CVE-2024-4520 Improper Access Control in gaizhenbiao/chuanhuchatgpt

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation ...

CVE-2024-4520

CVE-2024-4520 affects the gaizhenbiao/chuanhuchatgpt application (version 20240410). The root cause is insufficient access control in how chat history data is handled, allowing any server user to access another user’s chat history without interaction. Documented impact includes potential data bre...

CentOS 8 : python-requests (CESA-2023:4520)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:4520 advisory. - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS...

Oracle Linux 7 : qemu (ELSA-2019-4520)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4520 advisory. - lsi53c895a: check message length value is valid Prasad J Pandit Orabug: 28873208 CVE-2018-18849 - 9p: fix QEMU crash when renaming files Greg Kurz...

CVE-2023-4520 FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fvplayeruservideo’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and...

CVE-2023-4520

CVE-2023-4520 affects FV Flowplayer Video Player for WordPress. A stored XSS via the _fv_player_user_video parameter saved through the plugin’s save function (hooked via init) and an Arbitrary Usermeta Update vulnerability exist in versions up to 7.5.37.7212 due to insufficient input sanitization...

WordPress FV Flowplayer Video Player Plugin <= 7.5.37.7212 is vulnerable to Cross Site Scripting (XSS)

Software FV Flowplayer Video Player Type Plugin Vulnerable versions = 7.5.37.7212 Fixed in 7.5.39.7212 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4520 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d232095d565d...

Oracle Linux 8 : python-requests (ELSA-2023-4520)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-4520 advisory. 2.20.0-3 - Fix Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the Oracle Linux...

RHEL 8 : python-requests (RHSA-2023:4520)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4520 advisory. The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fixes: python-requests: Unintended leak o...

CVE-2022-4520

creationtimestamp| type| source ---|---|--- 2022-12-16 00:23:54+00:00| seen| https://t.me/cibsecurity/54655...

CVE-2022-4520 WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the...