85 matches found
CVE-2026-4654
The Awesome Support – WordPress HelpDesk & Support Plugin for WordPress is affected by an Insecure Direct Object Reference in versions up to and including 6.3.7. The vulnerability stems from wpas_get_ticket_replies_ajax() not verifying that the authenticated user has permission to view the reques...
CVE-2023-4654
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
Linux Distros Unpatched Vulnerability : CVE-2010-4654
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. CVE-2010-4654 Note that Nessus relies on the presence of the packa...
CVE-2025-4654
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettr...
CVE-2025-4654
creationtimestamp | type | source
---|---|---
2025-07-02 04:12:22+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/20098
2025-07-02 09:02:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lsxu4y5ttm2k...
CVE-2025-4654 Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettr...
CVE-2025-4654
CVE-2025-4654 – WordPress Soumettre.fr plugin : The vulnerability arises from improper authorization checks in the make_signature function, affecting all versions up to 2.1.5. This allows unauthenticated attackers to create, edit, or delete Soumettre posts, but only on installations where the sou...
WordPress Soumettre.fr plugin <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion vulnerability
Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Soumettre.fr versions <= 2.1.5...
CVE-2024-4654
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2022-4654
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4654
creationtimestamp | type | source
---|---|---
2025-03-28 14:27:44+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9359...
CVE-2024-4654
CVE-2024-4654 affects BlueNet Technology Clinical Browsing System v1.2.1. The vulnerability resides in /xds/cloudInterface.php where manipulating the INSTI_CODE parameter triggers SQL injection. Attackers may exploit remotely, and the exploit has been disclosed publicly. Several sources corrobora...
CVE-2024-4654 BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2010-4654
creationtimestamp | type | source
---|---|---
2024-02-13 11:31:18+00:00 | seen | https://t.me/ctinow/183748...
Rocky Linux 8 : python27:2.7 (RLSA-2020:4654)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4654 advisory. - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because...
Oracle Linux 8 : python27:2.7 (ELSA-2020-4654)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4654 advisory. - The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can...
CVE-2023-4654
creationtimestamp | type | source
---|---|---
2023-08-31 08:56:55+00:00 | seen | https://t.me/cibsecurity/69501...
CVE-2023-4654
The CVE-2023-4654 issue affects instantsoft/icms2 prior to 2.16.1, where an HTTPS session cookie is marked without the Secure attribute. Multiple sources (NVD entry, Red Hat advisory) corroborate this description. The root cause is the missing Secure flag on a session cookie, enabling potential c...
CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...