59 matches found
es-intquery (=1.1.5) potentially affected by unknown CVE via msc-terminal (=3.2.0)
msc-terminal NPM version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on msc-terminal and may be impacted: - es-intquery =1.1.5 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4823...
CVE-2026-4823
creationtimestamp | type | source
---|---|---
2026-03-26 00:59:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhwfmqpecr2d...
CVE-2023-4823
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...
CVE-2022-4823
A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopoll_controller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. Th...
CVE-2025-4823
A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. Th...
CVE-2025-4823 TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formReflashClientTbl submit-url buffer overflow
A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is the function submit-url of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. Th...
HP Intelligent Management BIMS DownloadServlet Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management BIMS DownloadServlet Directory Traversal', 'Description' = %q This module exploits a lack of authentication and a...
RHEL 9 : kernel (RHSA-2024:4823)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4823 advisory. kernel: vmwgfx: multiple flaws CVE-2022-36402, CVE-2022-40133, CVE-2022-38457, CVE-2023-5633 kernel: nftables: CVE-2024-26581 kernel: uio:...
CGA-4823-V8JX-RX3Q
Bulletin has no description...
CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/officeadmin/' in the parameters esbankacc, esbankname, esbankpin, escheckno, estellernumber, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially...
CVE-2023-4823 WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change...
CVE-2023-4823
CVE-2023-4823 affects the WordPress plugin “WP Meta and Date Remover” (versions prior to 2.2.0). The vulnerability arises from an AJAX endpoint used to configure plugin settings that lacks capability checks and does not sanitize user input, with the input later output unescaped. This enables Stor...
WordPress WP Meta and Date Remover Plugin < 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Meta and Date Remover; Type: Plugin; Vulnerable versions: < 2.2.0; Fixed in: 2.2.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4823; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: e96e6b729f00; Credits: dc11; Requir...
CVE-2018-4823
Rejected reason: This candidate is unused by its CNA...
CVE-2022-4823
creationtimestamp | type | source
---|---|---
2022-12-29 00:12:39+00:00 | seen | https://t.me/cibsecurity/55514...
CVE-2022-4823
The CVE-2022-4823 entry concerns InSTEDD Nuntium, affecting an unknown function in the file app/controllers/geopoll_controller.rb. The issue arises from manipulation of the signature argument, which leads to observable timing discrepancy and could be exploited remotely. A patch named 77236f7fd71a...
Security Bulletin: IBM WebSphere Real Time clients affected by vulnerabilities in IBM JRE (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)
Abstract These vulnerabilities are only applicable to Java deployments where untrusted code may be executed under a security manager e.g. Java applets running in a web browser. Content VULNERABILITY DETAILS: CVE IDs: CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823 DESCRIPTION: There ar...