160 matches found
CVE-2026-4578
A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/updates3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicl...
EUVD-2026-4578
The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalravuploadfile AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...
MINI-MQCQ-4578-9WGX
Bulletin has no description...
WordPress File Provider 1.2.3 SQL Injection
WordPress File Provider plugin versions 1.2.3 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQL Injection. Description: The File Provider plugin for WordPress is vulnerable to SQL Injection via the 'fileId' paramet...
CVE-2025-4578
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-4578
creationtimestamp | type | source
---|---|---
2025-06-04 07:10:51+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqratazuqm2e
2025-07-10 21:00:04+00:00 | exploited | Telegram/kabkSjcaer5upRB0Ibwq9GK8VGQatVOtX1VoUjYbdl2MlGc...
CVE-2025-4578
CVE-2025-4578 affects the WordPress File Provider plugin (
CVE-2022-4578
The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
Linux Distros Unpatched Vulnerability : CVE-2016-4578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from...
Linux Distros Unpatched Vulnerability : CVE-2011-4578
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to...
CVE-2024-4578 Privilege escalation in Arista Wireless Access Points
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to explo...
CVE-2024-4578
CVE-2024-4578 affects Arista Wireless Access Points. An SSH session authenticated as the config user can escalate privileges to root by spawning a bash shell; exploitation requires knowledge of the config password. The issue affects Arista Wi‑Fi AP software trains 13.0.2.x (13.0.2-28-vv1101 and l...
Security Advisory 0098
Date: June 25, 2024

Revision | Date | Changes
---|---|---
1.0 | June 25, 2024 | Initial release

The CVE-ID tracking this issue: CVE-2024-4578
CVSSv3.1 Base Score: 8.4 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Common Weakness Enumeration: CWE-77 Improper...
RHEL 6 : acpid (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - acpid: blocked writes can lead to acpid daemon hang CVE-2011-1159 - acpid: Unsafe umask for actions...
openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2023:3519-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for MozillaThunderbird (SUSE-SU-2023:3664-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 7 : thunderbird (RHSA-2023:4945)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4945 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
RLSA-2023:4952 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC...