
51 matches found

OSV
added 2026/05/01 6:23 p.m. | 2 views

ECHO-4628-5A89-95B3

Bulletin has no description...

CVSS 5.5 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 1
Circl
added 2026/03/23 1:11 p.m. | 1 views

CVE-2026-4628

creationtimestamp | type | source
---|---|---
2026-03-23 13:11:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhq556wvyi2v
2026-03-24 03:00:03+00:00 | seen | https://access.redhat.com/security/cve/cve-2026-4628...

CVSS 4.3 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 2
vulnersOsv
added 2026/03/23 9:30 a.m. | 2 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +215 more potentially affected by CVE-2026-4628 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 4.3 | AI score 5.8 | EPSS 0.00011
Exploits: 0
vulnersOsv
added 2026/03/23 9:30 a.m. | 2 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +200 more potentially affected by CVE-2026-4628 via org.keycloak:keycloak-services (>=10.0.0 <=26.6.0)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 4.3 | AI score 5.8 | EPSS 0.00011
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-6612

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.04404
Exploits: 1 | References: 4
RedhatCVE
added 2025/05/23 12:21 a.m. | 7 views

CVE-2022-4628

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.4 | AI score 5.9 | EPSS 0.00198
Exploits: 2 | References: 1
OSV
added 2024/06/06 12:22 p.m. | 10 views

CGA-4628-GV3M-5P52

Bulletin has no description...

CVSS 6.1 | AI score 7 | EPSS 0.00098
Exploits: 0
Circl
added 2024/03/12 11:31 a.m. | 0 views

CVE-2023-4628

creationtimestamp | type | source
---|---|---
2024-03-12 11:31:33+00:00 | seen | https://t.me/ctinow/205540
2024-03-12 11:36:27+00:00 | seen | https://t.me/ctinow/205547...

CVSS 4.3 | AI score 6.2 | EPSS 0.00173
Exploits: 0 | References: 2
OSV
added 2024/03/12 10:15 a.m. | 0 views

CVE-2023-4628

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request...

CVSS 4.3 | AI score 5.6 | EPSS 0.00173
Exploits: 0 | References: 2
CVE
added 2024/03/12 9:33 a.m. | 50 views

CVE-2023-4628

The CVE-2023-4628 case concerns the LadiApp WordPress ladipage plugin. A missing nonce check in ladiflow_save_hook() (versions ≤ 4.4) enables unauthenticated attackers to forge requests and update the ladiflow_hook_configs option, potentially convincing an admin to perform actions. Affected produ...

CVSS 4.3 | AI score 5.2 | EPSS 0.00173
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/03/12 9:33 a.m. | 12 views

CVE-2023-4628 LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request...

CVSS 4.3 | AI score 4.5 | EPSS 0.00173
Exploits: 0 | References: 2
Tenable Nessus
added 2023/11/06 12:0 a.m. | 30 views

Rocky Linux 8 : libreoffice (RLSA-2020:4628)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4628 advisory. - LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not th...

CVSS 6.5 | AI score 6.3 | EPSS 0.00459
Exploits: 0 | References: 9
NVD
added 2023/09/14 7:16 p.m. | 8 views

CVE-2018-4628

Rejected reason: This candidate is unused by its CNA...

AI score 6.6
Exploits: 0
Vulnrichment
added 2023/02/13 2:32 p.m. | 4 views

CVE-2022-4628 Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

AI score 5.8 | EPSS 0.00198
Exploits: 2 | References: 1
CVE
added 2023/02/13 2:32 p.m. | 56 views

CVE-2022-4628

The CVE-2022-4628 entry covers a Stored Cross-Site Scripting vulnerability in the WordPress plugin Easy PayPal Buy Now Button prior to version 1.7.4. Multiple sources confirm that the plugin fails to validate and escape certain shortcode attributes before rendering them on post/pages, enabling us...

CVSS 5.4 | AI score 5.3 | EPSS 0.00198
Exploits: 2 | References: 1 | Affected Software: 1
Cvelist
added 2023/02/13 2:32 p.m. | 13 views

CVE-2022-4628 Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode

The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

AI score 5.5 | EPSS 0.00198
Exploits: 2 | References: 1
OpenVAS
added 2021/05/19 12:0 a.m. | 31 views

Ubuntu: Security Advisory (USN-4628-3)

The remote host is missing an update for the...

CVSS 5.5 | AI score 6.2 | EPSS 0.00248
Exploits: 0 | References: 2
Tenable Nessus
added 2021/05/17 12:0 a.m. | 58 views

Ubuntu 18.04 LTS / 20.04 LTS : Intel Microcode vulnerabilities (USN-4628-3)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4628-3 advisory. USN-4628-1 provided updated Intel Processor Microcode for various processor types. This update provides the corresponding updates for some...

CVSS 5.5 | AI score 7.3 | EPSS 0.00248
Exploits: 0 | References: 4
Tenable Nessus
added 2021/02/01 12:0 a.m. | 38 views

CentOS 8 : libreoffice (CESA-2020:4628)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4628 advisory. - libreoffice: 'stealth mode' remote resource restrictions bypass CVE-2020-12802 - libreoffice: forms allowed to be submitted to any URI could result i...

CVSS 6.5 | AI score 6.4 | EPSS 0.00459
Exploits: 0 | References: 3
Circl
added 2021/01/27 4:37 p.m. | 1 views

CVE-2020-4628

creationtimestamp | type | source
---|---|---
2021-01-27 16:37:21+00:00 | seen | https://t.me/cibsecurity/22704...

CVSS 5.3 | AI score 5.4 | EPSS 0.00177
Exploits: 0 | References: 1