55 matches found
CVE-2026-4632
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to SQL injection. The attack may be performed fr...
CVE-2023-4632
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges...
EUVD-2017-17712
Malware in sbrugna...
CVE-2022-4632
A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue...
MagicINFO SWUpdateFileUploader remote command execution
Added: 05/23/2025. CVE: CVE-2025-4632. Background: MagicINFO is digital signage software from Samsung. Problem: A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using a...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricte...
CVE-2025-4632
creationtimestamp | type | source
---|---|---
2025-05-13 06:30:12+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16080
2025-05-13 06:47:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lozvazwfdb2e
2025-05-13 09:41:16+00:00 | seen | https://t.me/cvedetector/25168
2025-05-13...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. Recent assessments: Assessed Attacker Value: 0; Assessed Attacker Value: 0; Assessed Attacker Value: 0...
CVE-2024-4632
The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output...
CVE-2023-4632
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges...
CVE-2023-4632
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges...
CVE-2023-4632
CVE-2023-4632 concerns Lenovo System Update. The vulnerability is an uncontrolled search path vulnerability in Lenovo System Update that could let a local attacker execute code with elevated privileges due to an untrusted search path. Affected product is Lenovo System Update; root cause is the un...
CVE-2023-4632
creationtimestamp | type | source
---|---|---
2023-10-28 12:33:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/9277
2024-08-16 08:40:14+00:00 | published-proof-of-concept | https://t.me/Rootsec2/1566...
CVE-2022-4632
A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue...
CVE-2022-4632
CVE-2022-4632 affects Auto Upload Images up to version 3.3.0. It describes a cross-site scripting flaw in an unknown functionality that can be triggered remotely (attack vector: NETWORK) with user interaction required and no privileges. Upgrading to version 3.3.1 fixes the issue (patch identifier...
CVE-2022-4632 Auto Upload Images cross site scripting
A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue...
CVE-2020-4632
IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416...