Oracle Linux 7 : firefox (ELSA-2026-8427)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-8427 advisory. - Update to 140.9.0 ESR Orabug: 39361657CVE-2026-4684CVE-2026-4685 CVE-2026-4686CVE-2026-4687CVE-2026-4688CVE-2026-4689CVE-2026-4690...

CVE-2026-4702 vulnerabilities

Vulnerabilities for packages: firefox...

CVE-2026-4702

creationtimestamp| type| source ---|---|--- 2026-03-25 01:39:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhtxf4z7iv2d 2026-03-25 03:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260325 2026-03-25 04:01:23+00:00|...

firefox-esr-140.9.0-1.1 on GA media (moderate)

firefox-esr-140.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10413-1 Rating: moderate Cross-References: CVE-2025-59375 CVE-2026-4684 CVE-2026-4685 CVE-2026-4686 CVE-2026-4687 CVE-2026-4688 CVE-2026-4689 CVE-2026-4690 CVE-2026-4691 CVE-2026-4692 CVE-2026-4693 CVE-2026-4694 CVE-2026-4695...

CVE-2026-4702

CVE-2026-4702 concerns a JIT miscompilation in the JavaScript Engine. Affected products are Firefox versions older than 149 and Firefox ESR older than 140.9. The linked sources confirm the issue but do not provide explicit exploitation details or remediation steps within the provided documents. T...

CVE-2026-4702

JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-4702

JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

MiracleLinux 9 : runc-1.1.4-1.el9 (AXSA:2023-4702:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4702:01 advisory. runc: incorrect handling of inheritable capabilities CVE-2022-29162 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVE-2023-4702

creationtimestamp| type| source ---|---|--- 2025-06-25 13:50:54+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19443...

CVE-2022-4702

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfixroyalcompatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on...

CVE-2012-4702

360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session...

CVE-2009-4702

SQL injection vulnerability in the Tour Extension pmtour extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2025-4702

A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql injection. It is possible to launch the attack remotely. T...

CVE-2025-4702

A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql injection. It is possible to launch the attack remotely. T...

CVE-2025-4702 PHPGurukul Vehicle Parking Management System add-category.php sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql injection. It is possible to launch the attack remotely. T...

CVE-2025-4702

CVE-2025-4702 affects PHPGurukul Vehicle Parking Management System v1.13. The vulnerability is an SQL injection in an unknown function of /admin/add-category.php triggered by manipulating the catename parameter. It is exploitable remotely and the exploit has been disclosed publicly. Multiple sour...

RHEL 8 / 9 : OpenShift Container Platform 4.15.23 (RHSA-2024:4702)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4702 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

CVE-2024-4702

The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

WordPress Mega Elements Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Mega Elements Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4702 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ecd07d502745 Credits stealthcopter Required...

Malicious code in wlwz-2312-4702 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df602581a96b375f8e4198698691551b491e075af11f87f9cbcae0d36ef5a480 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...