Lucene search

50 matches found

Vulnrichment
added 2026/03/29 7:35 p.m. | 2 views

CVE-2026-4946 NSA Ghidra Auto-Analysis Annotation Command Execution

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...

CVSS 8.8 | AI score 6.2 | EPSS 0.00051
Exploits: 0 | References: 2
Circl
added 2026/03/25 4:55 p.m. | 1 views

CVE-2026-4946

creationtimestamp | type | source
---|---|---
2026-03-25 16:55:00+00:00 | seen | http://takeonme.org/cves/cve-2026-4946/
2026-03-29 20:18:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mi7xsulyfj2t
2026-03-29 21:00:31+00:00 | seen | ...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 8
Circl
added 2026/03/25 4:55 p.m. | 1 views

GHSA-MC3P-MQ2P-XW6V

creationtimestamp | type | source
---|---|---
2026-03-25 16:55:00+00:00 | seen | http://takeonme.org/cves/cve-2026-4946/...

CVSS 8.8 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:50 p.m. | 6 views

CVE-2014-4946

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view...

CVSS 4.3 | AI score 5.9 | EPSS 0.00475
Exploits: 0 | References: 1
OSV
added 2025/12/31 3:50 p.m. | 0 views

MINI-4946-H5H9-RRX3

Bulletin has no description...

CVSS 6.3 | AI score 6.9 | EPSS 0.00029
Exploits: 1
RedhatCVE
added 2025/07/04 9:24 a.m. | 4 views

CVE-2025-4946

The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 8.1 | AI score 7.2 | EPSS 0.05635
Exploits: 0 | References: 1
Cvelist
added 2025/07/02 9:23 a.m. | 4 views

CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function

The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 8.1 | EPSS 0.05635
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/02 9:23 a.m. | 13 views

CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function

The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 8.1 | AI score 7.9 | EPSS 0.05635
Exploits: 0 | References: 2
Patchstack
added 2025/07/01 12:0 a.m. | 4 views

WordPress Vikinger Theme <= 1.9.32 is vulnerable to Arbitrary File Deletion

Software: Vikinger; Type: Theme; Vulnerable versions: <= 1.9.32; Fixed in: 1.9.33; OWASP Top 10: A1: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2025-4946; Patch priority: High; CVSS severity: High (7.7); PSID: b0a366979549; Credits: Foxyyy; Required privilege: Subscriber; Publish...

CVSS 8.1 | AI score 6.8 | EPSS 0.05635
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/05/23 12:31 a.m. | 8 views

CVE-2022-4946

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcodes, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

CVSS 5.4 | AI score 6.8 | EPSS 0.00326
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 2:44 a.m. | 4 views

CVE-2013-4946

Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QVadmin.aspx, the (2) CallBack parameter to QVgrid.aspx, or the (3) HelpPage parameter to commonhelp.aspx...

CVSS 4.3 | AI score 6 | EPSS 0.00642
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 10:51 p.m. | 1 views

CVE-2008-4946

convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/setoutput temporary file, related to the (1) template/provision.sh, (2) LinuxCDInstall/provision.sh, (3) FedoraPVInstall/provision.sh, (4) CentOSPVInstall/provision.sh, (5) common/provision.sh, (6)...

CVSS 6.9 | AI score 6.8 | EPSS 0.00025
Exploits: 1 | References: 1
Circl
added 2025/02/14 9:46 a.m. | 1 views

CVE-2024-4946

creationtimestamp | type | source
---|---|---
2025-02-14 09:46:59+00:00 | seen | Telegram/pcDOxgtNKOtkZdfejfJzmkiy-9HmtzQtRFz3VmJUyS2QPzo...

CVSS 8.8 | AI score 6.2 | EPSS 0.00399
Exploits: 1
Circl
added 2024/03/15 5:51 p.m. | 0 views

GHSA-4946-85PR-FVXH

creationtimestamp | type | source
---|---|---
2024-03-15 17:51:56+00:00 | seen | https://t.me/ctinow/208978...

AI score 4.8
Exploits: 0 | References: 1
OpenVAS
added 2023/12/22 12:0 a.m. | 13 views

SUSE: Security Advisory (SUSE-SU-2023:4946-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 8.5 | EPSS 0.54214
Exploits: 3 | References: 4
CVE
added 2023/06/05 1:39 p.m. | 49 views

CVE-2022-4946

CVE-2022-4946 affects the Frontend Post WordPress Plugin (versions

CVSS 5.4 | AI score 5.9 | EPSS 0.00326
Exploits: 2 | References: 1 | Affected Software: 1
Vulnrichment
added 2023/06/05 1:39 p.m. | 12 views

CVE-2022-4946 Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcodes, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

AI score 6.7 | EPSS 0.00326
Exploits: 2 | References: 1
OpenVAS
added 2021/05/12 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-4946-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7 | EPSS 0.00133
Exploits: 0 | References: 2
Tenable Nessus
added 2021/05/12 12:0 a.m. | 50 views

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-4946-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4946-1 advisory. It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use...

CVSS 7.8 | AI score 7.3 | EPSS 0.00133
Exploits: 0 | References: 10
Tenable Nessus
added 2020/12/18 12:0 a.m. | 37 views

Virtuozzo 6 : libX11 / libX11-common / libX11-devel (VZLSA-2020-4946)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4946 advisory. - libX11: integer overflow leads to double free in locale handling (CVE-2020-14363) Note that Nessus has not tested for this issue but has instead reli...

CVSS 7.8 | AI score 7.5 | EPSS 0.0015
Exploits: 1 | References: 3