92 matches found
MINI-4924-7HC6-26WV
Bulletin has no description...
CVE-2026-4924

creationtimestamp | type | source
---|---|---
2026-04-01 23:26:58+00:00 | seen | Telegram/lZIbbZM6hBayBvqPlVKcR-m9kDIyKTvGCXDWINXAPChKhQ
2026-04-02 07:16:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3miinwrvufm2w
2026-04-05 11:40:10+00:00 | seen | ...

CVE-2026-4924
CVE-2026-4924 concerns Devolutions Server 2026.1.11 and earlier, where improper authentication in the 2FA feature allows a remote attacker with valid credentials to bypass MFA and gain unauthorized access by reusing a partially authenticated session token. The affected component is the 2FA mechan...
ECHO-CABD-7414-4924
Bulletin has no description...
CVE-2023-4924
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products...
CGA-MJWM-4924-VQ65
Bulletin has no description...
CVE-2010-4924
PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party...
CVE-2025-4924

creationtimestamp | type | source
---|---|---
2025-05-19 09:38:25+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16836
2025-05-19 13:13:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpjnnjmvep2p

...

CVE-2025-4924 SourceCodester Client Database Management System user_void_transaction.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /user_void_transaction.php. The manipulation of the argument orderid leads to SQL injection. It is possible to launch the attack remotely...
CVE-2024-4924 Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting
The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-4924
CVE-2024-4924 affects the Social Sharing Plugin (Sassy Social Share) for WordPress, where versions before 3.3.63 do not sanitize/escape certain plugin settings. This can allow high-privilege users (e.g., admins) to perform Stored Cross-Site Scripting, even when unfiltered_html is disallowed (such...
WordPress Sassy Social Share Plugin < 3.3.63 is vulnerable to Cross Site Scripting (XSS)

Field | Value
---|---
Software | Sassy Social Share
Type | Plugin
Vulnerable versions | < 3.3.63
Fixed in | 3.3.63
OWASP Top 10 | A7: Cross-Site Scripting (XSS)
Classification | Cross Site Scripting (XSS)
CVE | CVE-2024-4924
Patch priority | Low
CVSS severity | Low (5.9)
PSID | 8218db38fbf6
Credits | Dmitrii Ignatyev...

CGA-4924-8F2C-2FPR
Bulletin has no description...
CVE-2023-4924

creationtimestamp | type | source
---|---|---
2023-10-20 12:41:23+00:00 | seen | https://t.me/cibsecurity/72679

...

CVE-2023-4924
CVE-2023-4924 affects BEAR – Bulk Editor and Products Manager Pro for WooCommerce (Pluginus.Net). Versions up to 1.1.3.3 are vulnerable due to missing capability checks in woobe_bulkoperations_delete, enabling authenticated users with subscriber access or higher to delete products. Red Hat/NVD/Wo...
CVE-2023-4924 BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products...
CVE-2022-4924

creationtimestamp | type | source
---|---|---
2023-07-29 07:30:11+00:00 | seen | https://t.me/cibsecurity/67411

...

CVE-2022-4924
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...