60 matches found
DEBIAN-CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
Photon OS 5.0: Curl PHSA-2026-5.0-0838
An update of the curl package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0838. The text itself is copyright (C) VMware, Inc. ...
BELL-CVE-2026-4873
Bulletin has no description...
SUSE CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CVE-2026-4873
creationtimestamp | type | source
---|---|---
2026-04-29 06:51:40+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mkmj5tu7cu2x
2026-04-29 12:45:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkn4vufiap2k...
RHSA-2024:4873
creationtimestamp | type | source
---|---|---
2025-08-30 10:23:06+00:00 | seen | Telegram/y04OMmpXkIonJuNQPKrf7N0zQs6VD7fXMh7ZvBcfO766kXE...
CVE-2012-4873
Cross-site scripting (XSS) vulnerability in the filedownload function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
CVE-2025-4873
creationtimestamp | type | source
---|---|---
2025-05-18 12:53:15+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lph3y7qq2xp2
2025-05-18 13:08:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lph4vekhlx24...
CVE-2025-4873
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched...
CVE-2025-4873 PHPGurukul News Portal Login index.php sql injection
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched...
CVE-2024-4873 Replace Image <= 1.1.10 - Insecure Direct Object Reference
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...
WordPress Replace Image Plugin <= 1.1.10 is vulnerable to Broken Access Control
Software: Replace Image
Type: Plugin
Vulnerable versions: <= 1.1.10
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-4873
Patch priority: Low
CVSS severity: Low (4.3)
PSID: 262021d9f7c1
Credits: Jin Hao Chan
Required privilege...
CVE-2023-4873
The CVE-2023-4873 entry concerns Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform (up to 20230906). Affects an unknown function in /importexport.php where manipulating the sql argument triggers an OS command injection. Exploitation can be carried out remotely, and pu...
CVE-2023-4873 Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injection
A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is...
CVE-2022-4873
creationtimestamp | type | source
---|---|---
2023-01-18 16:47:18+00:00 | published-proof-of-concept | https://t.me/ctinow/87639
2023-01-19 13:10:07+00:00 | published-proof-of-concept | https://t.me/truesecator/3959...
Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers
Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router...
CVE-2022-4873
On Netcomm router models NF20MESH, NF20, and NL1902, a stack-based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...
CVE-2022-4873
CVE-2022-4873 is a stack-based buffer overflow in the Netcomm NF20MESH, NF20, and NL1902 sessionKey handling that can overwrite the instruction pointer and crash the app. Related CVE-2022-4874 is an authentication bypass; together these flaws enable remote code execution when exploited in affecte...