MiracleLinux 8 : nodejs:14 nodejs-nodemon-2.0.20-2.module+el8+1579+35966ec0, nodejs-packaging-23-3.module+el8+1579+35966ec0, nodejs-14.21.1-2.module+el8+1579+35966ec0 (AXSA:2023-4653:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4653:01 advisory: minimist: prototype pollution (CVE-2021-44906); node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235); nodejs-minimatch:...
CVE-2025-20760
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...
CGA-4653-9JR7-V829
Bulletin has no description...
CVE-2025-4653
Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4653
creationtimestamp | type | source
---|---|---
2025-06-10 17:41:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lrbgunogjg2u
2025-06-10 18:33:09+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/17957
2025-08-07 06:46:55+00:00 | seen | ...
CVE-2025-4653 Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4653
CVE-2025-4653 affects Pandora ITSM 5.0.105 due to improper neutralization of special elements in the backup name field, enabling command injection and authenticated remote code execution. Public materials describe an in-application backup name parameter vulnerability exploitable with admin access...
CVE-2024-4653
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
Linux Distros Unpatched Vulnerability : CVE-2014-4653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local...
CVE-2024-4653 BlueNet Technology Clinical Browsing System outIndex.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
CVE-2018-4653
Rejected reason: This candidate is unused by its CNA...
CVE-2023-4653 Cross-site Scripting (XSS) - Stored in instantsoft/icms2
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
CVE-2023-4653
CVE-2023-4653 is a stored XSS vulnerability in instantsoft/icms2 prior to 2.16.1-git. The Red Hat and CVE records corroborate stored XSS in icms2, affecting versions before 2.16.1-git. The issue stems from input handling in the affected module (admin/comments path in the Huntr PoC reference), ena...
CVE-2022-4653
creationtimestamp | type | source
---|---|---
2023-01-16 18:24:06+00:00 | seen | https://t.me/cibsecurity/56538...
CVE-2022-4653
The Greenshift WordPress plugin prior to 4.8.9 is affected: it fails to validate and escape a shortcode attribute, allowing stored XSS by users with a role as low as contributor. Impact is stored XSS; the PoC demonstrates injection via a shortcode. Remediation: update to version 4.8.9 or later. (CVE-2022-4653)
CVE-2022-4653 Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode
The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...