CVE-2026-4551

creationtimestamp| type| source ---|---|--- 2026-03-22 16:34:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhnxyhx3sw2k...

CVE-2026-4551

CVE-2026-4551 affects Tenda F453 firmware 1.0.0.3 in the Parameters Handler’s SafeClientFilter: via manipulation of the argument menufacturer/Go, a stack-based buffer overflow is triggered in the function fromSafeClientFilter. The vulnerability can be exploited remotely, and public exploit detail...

CVE-2026-4551 Tenda F453 Parameters SafeClientFilter fromSafeClientFilter memory corruption

A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is...

EUVD-2026-4551

The Responsive Header plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple plugin settings parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

MiracleLinux 7 : libreoffice-4.3.7.2-5.el7.1 (AXSA:2015-935:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-935:01 advisory. LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor,...

CVE-2024-4551

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and...

CVE-2011-4551

Cross-site scripting XSS vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters...

CVE-2010-4551

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash by omitting the Internet ID field in the person document, and then using an Apple device to 1 accept or 2 decline an invitation...

CVE-2025-4551

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4551

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4551

CVE-2025-4551 affects ContiNew Admin up to version 3.6.0. The vulnerability lies in the /dev-api/common/file endpoint where manipulating the File argument enables cross-site scripting. It can be exploited remotely and the exploit has been disclosed publicly. Multiple sources confirm the issue but...

CVE-2025-4551 ContiNew Admin file cross site scripting

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4551 ContiNew Admin file cross site scripting

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

Linux Distros Unpatched Vulnerability : CVE-2015-4551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates...

CVE-2024-4551 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and...

WordPress Video Gallery Plugin <= 1.3.13 is vulnerable to Local File Inclusion

Software Video Gallery Type Plugin Vulnerable versions = 1.3.13 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-4551 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 0a0b54f79834 Credits Foxyyy Required privilege Contributor Publishe...

CVE-2023-4551

creationtimestamp| type| source ---|---|--- 2024-01-29 22:21:52+00:00| seen| https://t.me/ctinow/175563 2024-02-21 17:08:49+00:00| seen| https://t.me/ctinow/189775...

CVE-2023-4551

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...

CVE-2023-4551

OpenText AppBuilder (Windows/Linux) is affected by CVE-2023-4551 due to improper input validation in the Scheduler functionality, enabling authenticated users to inject arbitrary OS commands into the running process. Affected versions are 21.2 through 23.2; published advisories indicate command i...

CVE-2023-4551 Command Injection via Task Scheduler

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...