66 matches found
CVE-2026-4824
A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...
CVE-2026-4824
creationtimestamp | type | source
---|---|---
2026-03-26 00:44:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhwervgkyq2s...
RHEL 9 : compat-openssl11 (RHSA-2026:4824)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4824 advisory. The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the...
CVE-2023-4824
The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
HP Intelligent Management 5.1 E0201 Account Creation
Proof of concept for an old bypass vulnerability in HP Intelligent Management version 5.1 E0201 that allows for account creation. Title: HP Intelligent...
CVE-2022-4824
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2012-4824
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter...
CVE-2025-4824
The CVE-2025-4824 entry concerns TOTOLINK A702R, A3002R and A3002RU (version 3.0.0-B20230809.1615). A vulnerability in the HTTP POST Request Handler affects the /boafrm/formWsc file, where manipulation of the submit-url argument causes a buffer overflow. Impact described as remote execution feasi...
HP Intelligent Management SOM Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management SOM Account Creation', 'Description' = %q This module exploits a lack of authentication and access control in HP...
CGA-V6W2-Q3PV-4824
Bulletin has no description...
CVE-2024-4824
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...
SUSE: Security Advisory (SUSE-SU-2023:4824-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-4824
The CVE-2023-4824 vulnerability affects the WordPress plugin/theme WooHoo Newspaper Magazine Theme
Ubuntu 16.04 ESM : Varnish vulnerability (USN-4824-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4824-1 advisory. It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information. Tenable has...
CVE-2018-4824
Rejected reason: This candidate is unused by its CNA...
CVE-2022-4824
The CVE-2022-4824 entry concerns the WordPress plugin WP Blog and Widgets (before version 2.3.1). Multiple sources confirm a Stored XSS vulnerability caused by not validating and escaping certain shortcode attributes, enabling users with as low as Contributor to target high-privilege admins. The ...
CVE-2022-4824 WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress WP Blog and Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Blog and Widget; Type: Plugin; Vulnerable versions: 2.3.1; Fixed in: 2.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4824; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: db9b8648db51; Credits: Lana Codes; Requir...