51 matches found

Wolfi
added 2026/03/27 7:48 p.m., 3 views

CVE-2026-4707 vulnerabilities

Vulnerabilities for packages: firefox...

7.5 CVSS, 7.2 AI score, 0.0002 EPSS
Exploits 0

Circl
added 2026/03/25 3:0 a.m., 0 views

CVE-2026-4707

creationtimestamp | type | source
---|---|---
2026-03-25 03:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260325
2026-03-25 04:01:23+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mhu7d3b6sc2j...

7.5 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-4707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbi...

7.5 CVSS, 7.8 AI score, 0.0002 EPSS
Exploits 0, References 2

OPENSUSE Linux
added 2026/03/25 12:0 a.m., 6 views

firefox-esr-140.9.0-1.1 on GA media (moderate)

firefox-esr-140.9.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10413-1 Rating: moderate Cross-References: CVE-2025-59375 CVE-2026-4684 CVE-2026-4685 CVE-2026-4686 CVE-2026-4687 CVE-2026-4688 CVE-2026-4689 CVE-2026-4690 CVE-2026-4691 CVE-2026-4692 CVE-2026-4693 CVE-2026-4694 CVE-2026-4695...

8.8 CVSS, 6.6 AI score, 0.00102 EPSS
Exploits 1

RedhatCVE
added 2026/01/09 12:31 p.m., 0 views

CVE-2023-4707

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier...

6.1 CVSS, 6 AI score, 0.00074 EPSS
Exploits 2, References 1

Circl
added 2025/05/15 7:3 p.m., 7 views

CVE-2025-4707

creationtimestamp | type | source
---|---|---
2025-05-15 19:03:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpa7cx3pev2p...

9.8 CVSS, 7 AI score, 0.00277 EPSS
Exploits 1, References 1

NVD
added 2025/05/15 5:15 p.m., 14 views

CVE-2025-4707

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The explo...

9.8 CVSS, 0.00277 EPSS
Exploits 1, References 5

Cvelist
added 2025/05/15 5:0 p.m., 11 views

CVE-2025-4707 Campcodes Sales and Inventory System transaction_add.php sql injection

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The explo...

7.5 CVSS, 0.00277 EPSS
Exploits 1, References 5

CVE
added 2025/05/15 5:0 p.m., 31 views

CVE-2025-4707

Campcodes Sales and Inventory System 1.0 is affected by CVE-2025-4707. The vulnerability arises from improper handling of the prod_name argument in the file /pages/transaction_add.php, enabling SQL injection. It can be triggered remotely, and multiple sources note public disclosure. In practice, ...

9.8 CVSS, 7.5 AI score, 0.00277 EPSS
Exploits 1, References 5, Affected Software 1

Vulnrichment
added 2025/05/15 5:0 p.m., 4 views

CVE-2025-4707 Campcodes Sales and Inventory System transaction_add.php sql injection

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_add.php. The manipulation of the argument prod_name leads to sql injection. The attack may be initiated remotely. The explo...

7.5 CVSS, 7.5 AI score, 0.00277 EPSS
Exploits 1, References 5

CVE
added 2024/06/06 3:32 a.m., 44 views

CVE-2024-4707

CVE-2024-4707 is a vulnerability in the Materialis Companion WordPress plugin that enables Stored Cross-Site Scripting via the plugin shortcode materialis_contact_form. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, affect...

6.4 CVSS, 5.5 AI score, 0.00225 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2024/06/06 3:32 a.m., 11 views

CVE-2024-4707 Materialis Companion <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits 0, References 3

Tenable Nessus
added 2024/06/03 12:0 a.m., 24 views

RHEL 4 : pam (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pam: pam_env and pam_mail accessing users' file with root privileges CVE-2010-3435 - pam: pam_xauth: Does no...

4.7 CVSS, 6.8 AI score, 0.00095 EPSS
Exploits 0, References 4

OSV
added 2024/01/24 8:23 p.m., 7 views

MAL-2024-600 Malicious code in wlwz-2312-4707 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9570305fd15aa43d32dfa404dc8e107b9af226559abd3c1781e32d3672a96536 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

OSSF Malicious Packages
added 2024/01/24 8:23 p.m., 2 views

Malicious code in wlwz-2312-4707 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9570305fd15aa43d32dfa404dc8e107b9af226559abd3c1781e32d3672a96536 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1

NVD
added 2023/09/14 7:16 p.m., 6 views

CVE-2018-4707

Rejected reason: This candidate is unused by its CNA...

6.6 AI score
Exploits 0

Packet Storm
added 2023/09/02 12:0 a.m., 277 views

Clcknshop 1.0.0 Cross Site Scripting

Exploit Title: Clcknshop 1.0.0 - Reflected XSS Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...

7.1 AI score, 0.00074 EPSS
Exploits 2

Circl
added 2023/09/01 10:14 p.m., 0 views

CVE-2023-4707

creationtimestamp | type | source
---|---|---
2023-09-01 22:14:02+00:00 | seen | https://t.me/cibsecurity/69683...

6.1 CVSS, 4.6 AI score, 0.00074 EPSS
Exploits 2, References 1

CVE
added 2023/09/01 5:31 p.m., 33 views

CVE-2023-4707

Infosoftbd Clcknshop 1.0.0 is affected. Vulnerability exists in /collection/all; manipulating GET parameter q triggers reflected cross-site scripting (XSS). Exploitation is described as possible remotely; some sources imply potential for session or credential exposure, though explicit exploit det...

6.1 CVSS, 4.8 AI score, 0.00074 EPSS
Exploits 2, References 3, Affected Software 1

Cvelist
added 2023/09/01 5:31 p.m., 12 views

CVE-2023-4707 Infosoftbd Clcknshop all cross site scripting

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier...

4 CVSS, 6.2 AI score, 0.00074 EPSS
Exploits 2, References 3