Cross RSS 1.7 - Local File Inclusion
Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...
CVE-2025-4941
A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. T...
CVE-2025-4941
CVE-2025-4941 affects PHPGurukul Credit Card Application Management System 1.0, with a SQL injection in an unknown function of /admin/index.php triggered by manipulating the Username parameter. The vulnerability is remotely exploitable and has been publicly disclosed. Connected sources consistent...
CVE-2025-4941 PHPGurukul Credit Card Application Management System index.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. T...
PYSEC-2025-93
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...
CVE-2024-4941
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed JSON...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +151 more potentially affected by CVE-2024-4941 via gradio (>=1.7.7 <=4.31.0)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.1, =0.8.11, =0.4.0, =0.7.0.dev134, =0.1.0rc1, =0.1.0rc2 - aqueduct-llm =0.0.1 and more Source cves: CVE-2024-4941 Source advisory: OSV:GHSA-6V6G-J5FQ-HPVW...
CVE-2024-4941 Local File Inclusion in JSON component in gradio-app/gradio
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/json_component.py, where a user-controlled string is parsed as JSON. If the parsed JSON...
CVE-2024-4941
The CVE-2024-4941 issue affects gradio-app/gradio v4.25, specifically the JSON component. The root cause is improper input validation in gradio/components/json_component.py: a user-controlled string is parsed as JSON in postprocess(), and if a dict contains a path key, processing_utils.move_files...
CVE-2023-4941
creationtimestamp | type | source
---|---|---
2023-10-20 12:41:05+00:00 | seen | https://t.me/cibsecurity/72666...
CVE-2023-4941 BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products...
CVE-2023-4941
CVE-2023-4941 concerns BEAR – Bulk Editor and Products Manager for WooCommerce (WordPress plugin) up to version 1.1.3.3. The Red Hat/NVD/Wordfence entries describe a Missing Authorization flaw caused by a missing capability check in the woobe_bulkoperations_swap function, enabling authenticated u...
WordPress WCFM Membership Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WCFM Membership Type Plugin; Vulnerable versions: <= 2.9.10; Fixed in: 2.10.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-4941; Patch priority: Low; CVSS severity: Low (5.4); PSID: 09fe2dd39646; Credits: Chloe Chamberland...
Oracle Linux 8 : subversion:1.14 (ELSA-2022-4941)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4941 advisory. subversion 1.14.1-2 - add fix for CVE-2022-24070 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
CVE-2020-4941
creationtimestamp | type | source
---|---|---
2021-09-23 20:29:55+00:00 | seen | https://t.me/cibsecurity/29323...
CVE-2020-4941
CVE-2020-4941 affects IBM Edge 4.2 and is an information-disclosure vulnerability where error pages could reveal sensitive server version information, aiding targeted attacks. The IBM Security Bulletin confirms an Unexpected Content-Type vulnerability with a CVSSv3 base score of 4.3 (MEDIUM) and ...
Security Bulletin: Unexpected Content-Type vulnerability affects IBM Edge (CVE-2020-4941)
Summary IBM Edge is affected by an Unexpected Content-Type vulnerability. IBM Edge has resolved this vulnerability. Vulnerability Details CVEID: CVE-2020-4941 DESCRIPTION: IBM Edge could reveal sensitive version information about the server from error pages that could aid an attacker in further...