85 matches found
CVE-2026-4654
The Awesome Support – WordPress HelpDesk & Support Plugin for WordPress is affected by an Insecure Direct Object Reference in versions up to and including 6.3.7. The vulnerability stems from wpas_get_ticket_replies_ajax() not verifying that the authenticated user has permission to view the reques...
CVE-2023-4654
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...
Linux Distros Unpatched Vulnerability : CVE-2010-4654
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. CVE-2010-4654 Note that Nessus relies on the presence of the packa...
CVE-2025-4654
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettr...
CVE-2025-4654
| creationtimestamp | type | source |
|---|---|---|
| 2025-07-02 04:12:22+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/20098 |
| 2025-07-02 09:02:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lsxu4y5ttm2k... |
CVE-2025-4654 Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettr...
CVE-2025-4654
CVE-2025-4654 – WordPress Soumettre.fr plugin : The vulnerability arises from improper authorization checks in the make_signature function, affecting all versions up to 2.1.5. This allows unauthenticated attackers to create, edit, or delete Soumettre posts, but only on installations where the sou...
WordPress Soumettre.fr plugin <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion vulnerability
Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Soumettre.fr versions <= 2.1.5...
CVE-2024-4654
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely...
CVE-2022-4654
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4654
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-28 14:27:44+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9359... |
CVE-2024-4654
CVE-2024-4654 affects BlueNet Technology Clinical Browsing System v1.2.1. The vulnerability resides in /xds/cloudInterface.php where manipulating the INSTI_CODE parameter triggers SQL injection. Attackers may exploit remotely, and the exploit has been disclosed publicly. Several sources corrobora...
CVE-2024-4654 BlueNet Technology Clinical Browsing System cloudInterface.php sql injection
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely...
CVE-2010-4654
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-13 11:31:18+00:00 | seen | https://t.me/ctinow/183748... |
Rocky Linux 8 : python27:2.7 (RLSA-2020:4654)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4654 advisory. - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because...
Oracle Linux 8 : python27:2.7 (ELSA-2020-4654)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4654 advisory. - The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can...
CVE-2023-4654
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-31 08:56:55+00:00 | seen | https://t.me/cibsecurity/69501... |
CVE-2023-4654 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1...