CVE-2026-20404
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...
CVE-2006-4837
| creationtimestamp | type | source |
|---|---|---|
| 2025-11-11 21:02:33+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m5ezvpgxed2f... |
CVE-2011-4837
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs...
CVE-2013-4837
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832...
CVE-2025-4837
A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to SQL injection. It is possible to initiate the attack remotely. The...
CVE-2025-4837 projectworlds Student Project Allocation System make_group_sql.php sql injection
A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to SQL injection. It is possible to initiate the attack remotely. The...
CVE-2025-4837
CVE-2025-4837 affects projectworlds Student Project Allocation System 1.0. The vulnerability is a SQL injection in the file /make_group_sql.php, triggered by manipulating the arguments mem1, mem2, or mem3. It is possible to initiate the attack remotely, and exploit details have been disclosed pub...
CVE-2022-4837
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-27 19:26:44+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/9173... |
CVE-2024-4837 Trust Boundary Violation Vulnerability
In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...
Ubuntu 18.04 ESM : LibSass vulnerabilities (USN-4837-1)
The remote Ubuntu 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4837-1 advisory. It was discovered that LibSass incorrectly handled certain specially crafted Sass files. An attacker could possibly use this issue to cause a denial of...
CVE-2023-4837
| creationtimestamp | type | source |
|---|---|---|
| 2023-10-10 14:27:04+00:00 | seen | https://t.me/cibsecurity/71902... |
CVE-2023-4837
SmodBIP is vulnerable to Cross-Site Request Forgery, which could be used to induce logged-in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the...
CVE-2023-4837 Cross-site request forgery (CSRF) in SmodBIP
SmodBIP is vulnerable to Cross-Site Request Forgery, which could be used to induce logged-in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the...
CVE-2023-4837
CVE-2023-4837 describes a Cross-Site Request Forgery vulnerability in SmodBIP. The issue affects all versions of SmodBIP and is not being fixed, as the project is no longer maintained. An attacker could induce logged-in users to perform unintended actions, including the creation of additional adm...
CVE-2022-4837
CVE-2022-4837 affects the CPO Companion WordPress plugin prior to 1.1.0. The vulnerability arises from insufficient validation/escaping of certain shortcode attributes, enabling Stored XSS with user roles as low as Contributor that could target admins or other high-privilege users. Exploit exampl...
RHEL 8 : mailman:2.1 (RHSA-2021:4837)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4837 advisory. Mailman is a program used to help manage e-mail discussion lists. Security Fixes: mailman: CSRF token bypass allows to perform CSRF attacks...
Debian DSA-4837-1 : salt - security update
Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the Salt API using the SSH...