CVE-2026-4779
A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file updatecustomerdetails.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can b...
CGA-22HV-WP9Q-4779
Bulletin has no description...
CVE-2025-4779 Stored Cross-site Scripting (XSS) in lunary-ai/lunary
lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the v1/runs/ingest endpoint by adding an empty citations field, triggering a code path where dangerouslySetInnerHTML is used to render...
CVE-2025-4779
CVE-2025-4779 affects lunary-ai/lunary prior to version 1.9.24. A stored XSS exists in the v1/runs/ingest endpoint: an unauthenticated attacker can inject JavaScript by sending an empty citations field, triggering a code path that uses dangerouslySetInnerHTML to render attacker-controlled text. I...
CVE-2010-4779
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouchsettings parameter to include/adsense-new.php. NOTE: some of these details are obtained from...
CVE-2005-4779
verifiedexecioctl in verifiedexec.c in NetBSD 2.0.2 calls NDINIT with UIOUSERSPACE rather than UIDSYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs...
CVE-2022-4779
creationtimestamp | type | source
---|---|---
2025-04-10 20:49:37+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/11342...
AlmaLinux 9 : python3 (ALSA-2024:4779)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4779 advisory. python: incorrect IPv4 and IPv6 private ranges CVE-2024-4032 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...
Oracle Linux 9 : python3 (ELSA-2024-4779)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4779 advisory. - Security fix for CVE-2024-4032 Resolves: RHEL-44106 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
RHEL 9 : python3 (RHSA-2024:4779)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4779 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
CGA-4779-25P4-J7H2
Bulletin has no description...
CVE-2024-4779
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to SQL Injection via the ‘datapostids0’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.107 is vulnerable to SQL Injection
Software: Unlimited Elements For Elementor Free Widgets, Addons, Templates
Type: Plugin
Vulnerable versions: <= 1.5.107
Fixed in: 1.5.108
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2024-4779
Patch priority: Low
CVSS severity: Low 8.5
Developer: Unlimited Elements
PSID: 2c76236c1b5c...
Ubuntu 16.04 ESM : Gettext vulnerability (USN-4779-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4779-1 advisory. Danilo Segan discovered that Gettext mishandled certain input. An attacker could use this vulnerability to execute arbitrary code. Tenable has extracted the...
CVE-2023-4779
creationtimestamp | type | source
---|---|---
2023-09-06 12:17:56+00:00 | seen | https://t.me/cibsecurity/69971...
CVE-2023-4779
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's uspgallery shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible...
CVE-2023-4779
CVE-2023-4779 affects the WordPress plugin User Submitted Posts. The vulnerability is a stored XSS via the plugin’s [usp_gallery] shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes (e.g., ‘before’). Impact: authenticated attackers with contributo...
CVE-2022-4779
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows bypassing the implemented authentication scheme. StreamX applications using the StreamView HTML component with the public web server feature activated are affected...
CVE-2022-4779 authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows bypassing the implemented authentication scheme. StreamX applications using the StreamView HTML component with the public web server feature activated are affected...