
64 matches found

CVE
added 2026/03/24 2:46 a.m., 8 views

CVE-2026-4626

CVE-2026-4626 affects the projectworlds Lawyer Management System 1.0. The vulnerability is a cross-site scripting (XSS) flaw triggered by manipulating the Description argument in the /lawyer_booking.php endpoint (also referred to as /lawyer booking.php in other sources). The issue is exploitable ...

CVSS 5.4 | AI score 4 | EPSS 0.00038
Exploits 1 | References 4 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-4564

Malware in sbrugna...

CVSS 9 | AI score 6.4 | EPSS 0.0053
Exploits 0 | References 3

Cvelist
added 2024/06/20 2:8 a.m., 18 views

CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout_type' and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.0036
Exploits 0 | References 3

Vulnrichment
added 2024/06/20 2:8 a.m., 14 views

CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout_type' and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.8 | EPSS 0.0036
Exploits 0 | References 3

Patchstack
added 2024/06/19 12:0 a.m., 13 views

WordPress JetWidgets For Elementor Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS)

Software: JetWidgets For Elementor; Type: Plugin; Vulnerable versions: <= 1.0.17; Fixed in: 1.0.18; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4626; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8b1769bce3b2; Credits: stealthcopter...

CVSS 6.4 | AI score 5.8 | EPSS 0.0036
Exploits 0 | References 3 | Affected Software 1

Circl
added 2024/03/12 11:31 a.m., 2 views

CVE-2023-4626

creationtimestamp | type | source
---|---|---
2024-03-12 11:31:31+00:00 | seen | https://t.me/ctinow/205538
2024-03-12 11:36:25+00:00 | seen | https://t.me/ctinow/205545...

CVSS 4.3 | AI score 6.2 | EPSS 0.00107
Exploits 0 | References 2

CVE
added 2024/03/12 9:33 a.m., 54 views

CVE-2023-4626

The CVE-2023-4626 entry affects the LadiApp WordPress plugin, where a missing capability check in ladiflow_save_hook() enables data modification by authenticated users with subscriber-level access or higher. The vulnerability is noted in versions up to and including 4.3, allowing updates to the l...

CVSS 4.3 | AI score 4.6 | EPSS 0.00107
Exploits 0 | References 2 | Affected Software 1

Code423n4
added 2023/10/30 12:0 a.m., 5 views

Shares Manipulation DoS Vulnerability in StakedUSDe

Impact: The StakedUSDe contract is vulnerable to manipulation by a malicious actor, leading to a permanent interruption of operations through a Denial-of-Service (DoS) attack. This vulnerability also impacts StakedUSDeV2 due to its inheritance of the StakedUSDe...

AI score 6.9
Exploits 0

Code423n4
added 2023/07/14 12:0 a.m., 9 views

Malicious Yield Vault could deny Pool Together withdrawing assets

Impact: Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an attacker could set up a malicious ERC-4626 contract and set that as the yield source for a newly created Vault. The attacker could then have the maliciou...

AI score 6.8
Exploits 0

Code423n4
added 2023/07/14 12:0 a.m., 17 views

Vault funds can be stolen by a malicious Yield Vault.

Impact: When a vault is initialized, it sets Max Token Approval for the Yield Vault which allows the Yield Vault to ALWAYS have access to the funds in the vault. Since vaults can be created by anyone as long as they provide an ERC-4626 compliant yield source, an...

AI score 6.7
Exploits 0

Code423n4
added 2023/07/05 12:0 a.m., 16 views

Slippage controls for calling bHermes contract's ERC4626DepositOnly.deposit and ERC4626DepositOnly.mint functions are missing

Impact: mentions that "if implementors intend to support EOA account access directly, they should consider adding an additional function call for deposit/mint/withdraw/redeem with the means to accommodate slippage loss or unexpected deposit/withdrawal limits,...

AI score 6.8
Exploits 0

Code423n4
added 2023/06/02 12:0 a.m., 6 views

Upgraded Q -> 2 from #308 [1685704892606]

Judge has assessed an item in Issue 308 as 2 risk. The relevant finding follows: L-04 MINNONZEROTOTALSHARES of 1e9 could lead to stuck funds for underlying tokens with lower decimals in the future StrategyBase.solL28 uint96 internal constant MINNONZEROTOTALSHARES = 1e9; In the future, to support...

AI score 6.8
Exploits 0

Code423n4
added 2023/03/07 12:0 a.m., 7 views

Inexistent Slippage Evaluation

Impact: The ecosystem of Ethos Reserve contains an EIP-4626 implementation of a vault meant to be integrated by its LUSD lending and borrowing system. As per the standard's Security Considerations itself, slippage checks need to be introduced at the integration...

AI score 6.8
Exploits 0

Code423n4
added 2023/03/07 12:0 a.m., 12 views

ReaperVaultERC4626.sol is not EIP-4626 compliant

Impact: Other protocols integrated with Ethos Reserve may mistakenly assume that its function complies with EIP-4626. Therefore, this may lead to integration issues in the future, which could result in various problems for both parties. Proof of Concept: All...

AI score 6.8
Exploits 0

CVE
added 2023/02/06 7:59 p.m., 68 views

CVE-2022-4626

The PPWP – WordPress Password Protect Page plugin is affected by a Stored XSS in shortcode attributes in versions

CVSS 5.4 | AI score 5.3 | EPSS 0.00296
Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2023/02/06 7:59 p.m., 17 views

CVE-2022-4626 PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode

The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users...

AI score 5.5 | EPSS 0.00296
Exploits 2 | References 1

Vulnrichment
added 2023/02/06 7:59 p.m., 7 views

CVE-2022-4626 PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode

The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users...

AI score 6.1 | EPSS 0.00296
Exploits 2 | References 1

Patchstack
added 2023/01/10 12:0 a.m., 10 views

WordPress PPWP – WordPress Password Protect Page Plugin < 1.8.6 is vulnerable to Cross Site Scripting (XSS)

Software: PPWP – WordPress Password Protect Page; Type: Plugin; Vulnerable versions: < 1.8.6; Fixed in: 1.8.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4626; Patch priority: Medium; CVSS severity: Medium (6.3); PSID: c899b093125c; Credi...

CVSS 5.4 | AI score 5.9 | EPSS 0.00296
Exploits 2 | References 4 | Affected Software 1

OpenVAS
added 2022/12/28 12:0 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2022:4626-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.2 | EPSS 0.00393
Exploits 0 | References 2

CVE
added 2022/09/26 2:9 p.m., 16 views

CVE-2019-4626

IBM InfoSphere Subscription Manager is affected by CVE-2019-4626, a Cross-Site Request Forgery in IBM InfoSphere Information Server components. Affected products and versions include IBM InfoSphere Information Server (11.3, 11.5, 11.7) and InfoSphere Information Server on Cloud (11.5, 11.7). The ...

AI score 7.2
Exploits 0