115 matches found
CVE-2026-4840
A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Performing a manipulation of the argument IpAddr results in os command injection. Remote exploitation ...
CVE-2026-4840
creationtimestamp| type| source ---|---|--- 2026-03-26 04:16:40+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4840 2026-03-26 05:18:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwu3eol3e2t 2026-03-26 06:00:32+00:00| seen|...
MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.91-2.6.2.1.0.1.el7.AXS7 (AXSA:2015-517:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-517:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2015-4734 RESERVED This candidate has been reserved by an organization ...
EUVD-2025-200173
In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...
CVE-2025-20754
CVE-2025-20754 affects MediaTek’s Modem component. The issue is an incorrect bounds check that can cause a system crash, leading to remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and is possible remotely via a network path. The vulne...
EUVD-2011-4790
Malware in sbrugna...
CVE-2024-4840
creationtimestamp| type| source ---|---|--- 2025-08-30 16:23:03+00:00| seen| Telegram/jrxm13MAseS9LEtnbTJYLyGZcr6E-x4kCO5HNbDjL0VjBBk...
CVE-2025-4840
The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-4840
creationtimestamp| type| source ---|---|--- 2025-06-10 06:30:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17834 2025-06-10 09:59:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lramzvpfgj2p 2025-09-29 21:02:22+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2015-4840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors...
CVE-2022-4840
Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.9.1...
RHEL 9 : RHOSP 17.1.4 (openstack-tripleo-heat-templates) (RHSA-2024:9978)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9978 advisory. Heat templates for TripleO Security Fixes: cleartext passwords exposed in logs CVE-2024-4840 For more details about the security issues, including th...
Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-heat-templates) security update
An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
CVE-2024-4840
An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...
Ubuntu 18.04 ESM : Singularity vulnerabilities (USN-4840-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4840-1 advisory. It was discovered that Singularity incorrectly handled certain inputs. An attacker could possibly use this issue to obtain sensitive information...
CVE-2023-4840
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-4840
MapPress Maps for WordPress (a WordPress plugin) has a stored XSS in the mappress shortcode for versions up to 2.88.4 caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires an authenticated attacker with contributor-level permissions or hi...
WordPress MapPress Maps for WordPress Plugin <= 2.88.4 is vulnerable to Cross Site Scripting (XSS)
Software MapPress Maps for WordPress Type Plugin Vulnerable versions = 2.88.4 Fixed in 2.88.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4840 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4fb9c1035c4b Credits Lana Codes...
CVE-2022-4840 Cross-site Scripting (XSS) - Stored in usememos/memos
Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4840
CVE-2022-4840 : A stored Cross-site Scripting (XSS) vulnerability exists in the GitHub project usememos/memos for versions prior to 0.9.1. The issue is triggered when untrusted user input is included in outputs without proper validation, enabling script injection. The Red Hat/OSV/PT-Security/GHSA...