53 matches found
Debian dla-4636 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4636 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4636-1 [email protected]...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-4636 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-4636 Source advisory: OSV:GHSA-F2HX-5FX3-HMCVhttps://vulners.com/osv/OSV:GHSA-F2HX-5FX3-...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.15 Images Update
New images are available for Red Hat build of Keycloak 26.2.15 and Red Hat build of Keycloak 26.2.15 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...
CVE-2025-4636
CVE-2025-4636 concerns local privilege escalation in the Airpointer web platform. Multiple connected sources describe that excessive privileges granted to the web user allow a user-space compromise to escalate to root if an attacker gains control of that account. Documents consistently indicate t...
CVE-2024-4636
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-4636 Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible...
WordPress Optimole Plugin <= 3.12.10 is vulnerable to Cross Site Scripting (XSS)
Software Optimole Type Plugin Vulnerable versions = 3.12.10 Fixed in 3.13.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9a2ec8f02493 Credits wesley wcraft Required...
Exploit for CVE-2023-4636
CVE-2023-4636 - The vulnerability in the limelight is an unau...
WordPress User Private Files Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software User Private Files Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3eddd47293a Credits Shuning Xu Required...
CVE-2023-4636
creationtimestamp| type| source ---|---|--- 2023-09-05 07:16:42+00:00| seen| https://t.me/cibsecurity/69812 2023-12-13 19:04:16+00:00| published-proof-of-concept| https://t.me/blackcybersec/55 2023-12-13 19:05:47+00:00| published-proof-of-concept| https://t.me/DailyToolz/1080...
CVE-2023-4636
The CVE-2023-4636 issue affects the WordPress File Sharing Plugin for WordPress, version 2.0.3 and earlier. It is a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping in admin settings, exploitable by authenticated users with administrator-leve...
CVE-2022-4636
Affected Product: Black Box KVM Firmware v3.4.31307 for models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, ACR1020A-T. Vulnerability: path traversal via local file inclusion (CWE-22) allowing an attacker to access credentials and sensitive data. Root cause: improper validation of pathna...
SUSE: Security Advisory (SUSE-SU-2022:4636-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-4636-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-4636
CVE-2020-4636 affects IBM Resilient OnPrem (IBM Security SOAR), where a privileged user could inject malicious commands via Python3 scripting (sys module). Root cause involves Python3 scripting capability enabled in Resilient OnPrem 38.2 beta/GA, leading to command injection. Published details in...
Security Bulletin: IBM Resilient SOAR could allow a privileged user to inject malicious commands through Python3 scripting (CVE-2020-4636).
Summary It was possible for a privileged user to inject malicious commands through Python3 scripting, using the sys module, in a Beta version of Resilient. Vulnerability Details CVEID: CVE-2020-4636 DESCRIPTION: IBM Resilient could allow a privileged user to inject malicious commands through...
Debian DSA-4636-1 : python-bleach - security update
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when'noscript' and one or more raw text tags were whitelisted. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
CVE-2019-4636
IBM Security Secret Server 10.7 is affected by CVE-2019-4636: an authenticated user could obtain leaked information from error messages. The IBM bulletin lists this among multiple vulnerabilities and notes remediation via upgrade to fixpack 10.7.000059. Root cause details are not provided in the ...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4636)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4636 advisory. - x86/speculation/mds: Make cpumatches cpuinit Patrick Colp Orabug: 29751729 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 -...