59 matches found
CVE-2025-4606
creationtimestamp| type| source
---|---|---
2025-08-02 23:00:09+00:00| published-proof-of-concept| Telegram/q5mn87rSG6gtI0smEdxx6J-G64nS0ki-dVcfLGdhRjHxuoE
2025-08-03 03:00:05+00:00| published-proof-of-concept| Telegram/I2SzHYS-2X5tGNiLKp66oCYJvjCLqCM5NMA3TgqWPuEsY
2025-08-05 21:02:24+00:00| seen...
CVE-2025-4606 Sala - Startup & SaaS WordPress Theme <= 1.1.4 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it...
CVE-2025-4606
The CVE-2025-4606 entry describes unauthenticated privilege escalation in the Sala - Startup & SaaS WordPress Theme (versions prior to or up to 1.1.4). The root cause is the theme’s failure to properly validate a user’s identity before updating details (e.g., passwords), enabling an unauthenticat...
WordPress Sala Theme <= 1.1.4 is vulnerable to Privilege Escalation
Software: Sala; Type: Theme; Vulnerable versions = 1.1.4; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2025-4606; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: e358e6b6574a; Credits: Thái An; Required...
CVE-2024-4606
Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.3...
CVE-2023-4606
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...
CVE-2010-4606
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows remote attackers to execute arbitrary...
CVE-2024-4606
Deserialization of Untrusted Data in BdThemes Ultimate Store Kit Elementor Addons CVE-2024-4606 affects Ultimate Store Kit Elementor Addons and related bundles (WordPress plugins) up to version 2.0.3. Root cause: PHP object deserialization in the plugin, leading to potential arbitrary PHP object ...
WordPress Ultimate Store Kit Elementor Addons Plugin <= 2.0.3 is vulnerable to PHP Object Injection
Software: Ultimate Store Kit Elementor Addons; Type: Plugin; Vulnerable versions = 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4606; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 46e7a74eebcc; Credits: Ray Wilson; Requir...
CVE-2019-4606
creationtimestamp| type| source
---|---|---
2024-03-11 08:41:28+00:00| seen| https://t.me/ctinow/204513...
Malicious code in wlwz-2312-4606 (npm)
Source: ghsa-malware 23e9630f6076a323f5baa65aaac12bd7dfc132e592d627b56de3a664b51fe05b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-4606
creationtimestamp| type| source
---|---|---
2024-01-04 04:09:46+00:00| seen| https://t.me/arpsyndicate/2426...
CVE-2023-4606
CVE-2023-4606 affects Lenovo ThinkSystem v2 and v3 servers with XCC. An authenticated XCC user with Read-Only privileges can change another user’s password via a crafted API command. Root cause and explicit exploit details are not provided in the available documents. CVSS v3.1 base sc...
Lenovo XClarity Controller (XCC) Vulnerabilities - Lenovo Support US
No description provided...
CVE-2022-4606 PHP Remote File Inclusion in flatpressblog/flatpress
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3...
CVE-2020-4606
creationtimestamp| type| source
---|---|---
2021-01-08 18:42:05+00:00| seen| https://t.me/cibsecurity/21833...
CVE-2020-4606
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883...
Security Bulletin: A Vulnerability Has Been Identified In IBM Security Verify Privilege Manager (CVE-2020-4606)
Summary: A vulnerability identified in IBM Security Verify Privilege Manager, previously known as IBM Security Privilege Manager, has been addressed in the release 10.8.2. Vulnerability Details: CVEID: CVE-2020-4606. DESCRIPTION: IBM Security Secret Server is vulnerable to an XML External Entity...