86 matches found

Vulnrichment
added 2026/03/24 12:16 a.m., 2 views

CVE-2026-4616 bolo-blog Article Title article cross site scripting

A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the...

4.8 CVSS, 4.3 AI score, 0.00013 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 7 : python-2.7.5-34.0.1.el7.AXS7 (AXSA:2015-803:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-803:01 advisory. IPy is a Python module for handling IPv4 and IPv6 Addresses and Networks in a fashion similar to perl's Net::IP and friends. The IP class allows a...

9.8 CVSS, 7.7 AI score, 0.07232 EPSS
Exploits: 8, References: 5

RedhatCVE
added 2025/11/15 5:40 p.m., 4 views

CVE-2025-4616

An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls...

4.8 CVSS, 6.7 AI score, 0.0001 EPSS
Exploits: 0, References: 1

F5 Networks
added 2025/05/27 4:17 p.m., 7 views

K000151520: Python vulnerabilities CVE-2018-20852, CVE-2014-4616, and CVE-2013-7040

Security Advisory Description CVE-2018-20852 http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server...

5.9 CVSS, 7.3 AI score, 0.01665 EPSS
Exploits: 4

RedhatCVE
added 2025/05/23 9:28 a.m., 2 views

CVE-2024-4616

The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

6.1 CVSS, 6.3 AI score, 0.01061 EPSS
Exploits: 2

RedhatCVE
added 2025/05/23 3:54 a.m., 8 views

CVE-2023-4616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

7.5 CVSS, 6.1 AI score, 0.00205 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 4:52 a.m., 4 views

CVE-2012-4616

Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor DPA 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors...

5 CVSS, 7 AI score, 0.00106 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2014-4616

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read...

5.9 CVSS, 6.9 AI score, 0.00427 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2024/07/24 12:0 a.m., 13 views

RHEL 8 / 9 : OpenShift Container Platform 4.16.4 (RHSA-2024:4616)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4616 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

5.9 CVSS, 7.2 AI score, 0.0123 EPSS
Exploits: 0, References: 7

Cvelist
added 2024/06/21 6:0 a.m., 17 views

CVE-2024-4616 Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS

The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...

0.01061 EPSS
Exploits: 2, References: 1

Patchstack
added 2024/06/21 12:0 a.m., 8 views

WordPress Widget Bundle Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)

Software: Widget Bundle; Type: Plugin; Vulnerable versions: = 2.0.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4616; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: c8a3dbf68bfd; Credits: Bob Matyas; Required...

6.1 CVSS, 5.6 AI score, 0.01061 EPSS
Exploits: 2, References: 3, Affected Software: 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 21 views

RHEL 6 : python33-python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python: missing boundary check in JSON module CVE-2014-4616 Note that Nessus has not tested for this issue but has...

5.9 CVSS, 7.3 AI score, 0.00427 EPSS
Exploits: 1, References: 1

Cvelist
added 2023/09/04 10:42 a.m., 14 views

CVE-2023-4616 thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

7.5 CVSS, 7.5 AI score, 0.00205 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2023/09/04 10:42 a.m., 11 views

CVE-2023-4616 thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

7.5 CVSS, 6.3 AI score, 0.00205 EPSS
Exploits: 0, References: 2

CVE
added 2023/09/04 10:42 a.m., 2509 views

CVE-2023-4616

CVE-2023-4616 concerns a path traversal in LG LED Assistant’s /api/thumbnail endpoint. The vulnerability stems from insufficient validation of a user-supplied path before performing file operations, enabling an unauthenticated attacker to read sensitive information in the context of the current u...

7.5 CVSS, 7.3 AI score, 0.00205 EPSS
Exploits: 0, References: 2, Affected Software: 1

SUSE CVE
added 2023/02/15 5:27 a.m., 2 views

SUSE CVE-2014-4616

Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function...

5.9 CVSS, 6.9 AI score, 0.00427 EPSS
Exploits: 1, References: 3

CVE
added 2023/01/12 11:54 p.m., 58 views

CVE-2022-4616

Delta DX-3021 webserver (versions before 1.24) is affected by CVE-2022-4616: command injection via the network diagnosis page due to insufficient input validation. Remote unauthenticated users can add/delete files and change permissions. Impact is high (I/H, A/H) with CVSSv3 scores: 9.1 (NVD) and...

9.1 CVSS, 9.2 AI score, 0.33951 EPSS
Exploits: 1, References: 2, Affected Software: 1

OpenVAS
added 2022/01/28 12:0 a.m., 27 views

Mageia: Security Advisory (MGASA-2014-0286)

The remote host is missing an update for the...

5.9 CVSS, 6.8 AI score, 0.00427 EPSS
Exploits: 1, References: 6

OpenVAS
added 2022/01/28 12:0 a.m., 32 views

Mageia: Security Advisory (MGASA-2014-0285)

The remote host is missing an update for the...

9.8 CVSS, 6.8 AI score, 0.07232 EPSS
Exploits: 6, References: 6

OpenVAS
added 2021/11/01 12:0 a.m., 27 views

Python < 2.7.7, 3.2.x < 3.2.6, 3.3.x < 3.3.6, 3.4.x < 3.4.1 JSONDecoder.raw_decode (bpo-21529) - Linux

Python is prone to a buffer overflow vulnerability...

5.9 CVSS, 7.8 AI score, 0.00427 EPSS
Exploits: 1, References: 2