MINI-HMC5-4944-MMR7

Bulletin has no description...

CVE-2026-4944

creationtimestamp| type| source ---|---|--- 2026-05-28 20:01:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwss4nokb2g 2026-05-28 21:34:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwxykvxhb2i...

CVE-2026-4944 Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

CVE-2026-4944

The provided documents describe a vulnerability in vllm-project/vllm version 0.14.1 where trust_remote_code is hardcoded to True in nemotron_vl.py and kimi_k25.py, bypassing user-specified --trust-remote-code=False and enabling remote code execution via malicious HuggingFace model repositories. T...

MINI-R3PC-6F99-4944

Bulletin has no description...

MiracleLinux 9 : nodejs:18 (AXSA:2023-4944:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4944:01 advisory. nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: DNS rebinding in inspect via invalid octal IP address CVE-2022-43548...

PT-2025-44319

Name of the Vulnerable Software and Affected Versions WatchGuard Mobile VPN with SSL client versions prior to 12.11.3 Description A local privilege escalation issue exists in the WatchGuard Mobile VPN with SSL client on Windows. A local user can execute arbitrary commands with elevated privileges...

MINI-RHMQ-4944-9H66

Bulletin has no description...

CVE-2025-4944

creationtimestamp| type| source ---|---|--- 2025-05-30 12:37:17+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqfaq7qlgze2...

CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2025-4944 LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Compare and Google Maps Widgets vulnerability discovered by Robert DeVore in WordPress Plugin LA-Studio Element Kit for Elementor versions = 1.5.2...

CVE-2022-4944

A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public a...

Linux Distros Unpatched Vulnerability : CVE-2011-4944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that...

CVE-2024-4944

creationtimestamp| type| source ---|---|--- 2024-07-09 05:32:46+00:00| seen| https://t.me/cvedetector/226...

SUSE: Security Advisory (SUSE-SU-2023:4944-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-4944

creationtimestamp| type| source ---|---|--- 2023-09-14 07:24:11+00:00| seen| https://t.me/cibsecurity/70426...

CVE-2023-4944

CVE-2023-4944 affects the WordPress plugin Awesome Weather Widget (WordPress plugin). The Red Hat and Wordfence records confirm a Stored Cross-Site Scripting (XSS) vulnerability via the shortcodes: specifically, the awesome-weather shortcode can be exploited due to insufficient input sanitization...

WordPress Awesome Weather Widget Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Awesome Weather Widget Type Plugin Vulnerable versions = 3.0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4944 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID caba79ed19c3 Credits Lana Codes Required...

KodExplorer 4.49 - CSRF to Arbitrary File Upload Exploit

Exploit Title: KodExplorer ?php s...