51 matches found
com.github.wjw465150:erupt-dsl (>=1.10.1 <=1.10.15), io.gitee.ank_code:ak-admin-bas (>=0.1 <=0.11) +18 more potentially affected by CVE-2026-4594 via xyz.erupt:erupt-jpa (>=1.10.beta <=1.12.9)
xyz.erupt:erupt-jpa MAVEN version =1.10.beta, =1.10.1, =0.1, =0.1, =0.1, =0.1, =0.1, =1.12.0, =1.12.20, =1.10.13, =1.10.8, =1.12.21, =1.11.7, =1.10.0-beta, =1.10.0-beta, =1.12.23 and more Source cves: CVE-2026-4594 Source advisory: SNYK:JAVA-XYZERUPT-15812216...
CVE-2026-4594
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...
EUVD-2026-4594
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...
EUVD-2022-4594
Malicious code in bioql PyPI...
WordPress Tournamatch plugin <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Chuck in WordPress Plugin Tournamatch versions <= 4.6.1...
CVE-2025-4594
creationtimestamp | type | source
---|---|---
2025-05-23 04:49:48+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17371
2025-05-23 07:25:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpt42mtxzh2k
...
CVE-2025-4594
CVE-2025-4594 refers to the WordPress plugin Tournamatch. The vulnerability is a stored cross-site scripting (XSS) arising from insufficient input sanitization and output escaping in the trn-ladder-registration-button shortcode, affecting versions up to and including 4.6.1. An authenticated attac...
CVE-2022-4594
A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is...
CVE-2024-4594 DedeCMS sys_safe.php cross-site request forgery
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /src/dede/sys_safe.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...
CVE-2023-4594
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file...
CVE-2023-4594
CVE-2023-4594 is a stored XSS vulnerability affecting BVRP Software SLmail (MailAdmin_dll.htm). The issue originates from the ability to inject a malicious JavaScript payload via GET and POST parameters in that file, enabling script execution in the context of affected web interfaces. The primary...
CVE-2023-4594 Cross-site Scripting in BVRP Software SLmail
Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file...
CVE-2022-4594
CVE-2022-4594 affects drogatkin TJWS2. The vulnerability is in the deployWar function of 1.x/src/rogatkin/web/WarRoller.java, where path traversal is possible. It can be exploited remotely, and patch 1bac15c496ec54efe21ad7fab4e17633778582fc is recommended to fix the issue. Connected sources consi...
Oracle Linux 8 : gcc-toolset-11-binutils (ELSA-2021-4594)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4594 advisory. 2.36.1-1.0.1.1 - Forward port Oracle patches from 2.36.1-1.0.1 - Reviewed-by: Jose E. Marchesi 2.36.1-1.1 - Add ability to control the display of unicode...
CVE-2020-4594
IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800...
CVE-2020-4594
IBM Security Guardium Insights 2.0.2 is affected by CVE-2020-4594, which describes the use of weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The vulnerability is associated with Guardium Insights 2.0.2 and is reflected in multip...
Ubuntu 18.04 LTS : Quassel vulnerabilities (USN-4594-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4594-1 advisory. It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code...
CVE-2019-4594
creationtimestamp | type | source
---|---|---
2020-04-15 21:14:13+00:00 | seen | https://t.me/cibsecurity/11291
...