Debian dla-4604 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4604 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4604-1 [email protected]...

MiracleLinux 9 : redis-6.2.7-1.el9 (AXSA:2023-4604:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4604:01 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2011-4604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The batsocketread function in net/batman-adv/icmpsocket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service memory corruption ...

Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities

The version of Liferay Portal installed on the remote host is 7.4.x = 7.4.3.132. It is, therefore, affected by multiple vulnerabilities: - A reflected cross-site scripting XSS vulnerability in the Liferay Portal allows an remote non-authenticated attacker to inject JavaScript into the...

CVE-2025-4604

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...

CVE-2025-4604

creationtimestamp| type| source ---|---|--- 2025-08-05 00:02:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvmft3joqm2k...

CVE-2025-4604

CVE-2025-4604 affects Liferay Portal 7.4.3.80 through 7.4.3.132 and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92. The vulnerability allows bypassi...

CVE-2025-4604

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...

CVE-2025-4604

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...

CVE-2022-4604

A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function registerendpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...

CVE-2013-4604

Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...

CVE-2012-4604

The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorerwse/favorites.exe...

CVE-2023-4604

creationtimestamp| type| source ---|---|--- 2024-08-17 10:37:21+00:00| seen| https://t.me/cvedetector/3379...

CVE-2023-4604 Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post'

The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2023-4604 Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post'

The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...

CVE-2024-4604 Open Redirect in Magarsus Consultancy's SSO

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...

CVE-2024-4604

Magarsus Consultancy SSO (Single Sign On) contains an Open Redirect vulnerability in versions 1.0 through 1.0.x before 1.1, exposed by allowing manipulation of hidden fields that influence URL redirects. This is a URL redirection issue that could lead users to untrusted sites. Affected component:...

Malicious code in wlwz-2312-4604 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a01d62056724b5df48af9e0543fe679aaf5cd6e4aa7b3c3b86c281501980b1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-588 Malicious code in wlwz-2312-4604 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a01d62056724b5df48af9e0543fe679aaf5cd6e4aa7b3c3b86c281501980b1d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...