88 matches found
MINI-HQMV-VQ9F-4954
Bulletin has no description...
CVE-2026-4954
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...
CVE-2025-4954
The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server...
WordPress Axle Demo Importer plugin <= 1.0.3 - Author+ Arbitrary File Upload vulnerability
Author+ Arbitrary File Upload vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Axle Demo Importer versions <= 1.0.3...
CVE-2022-4954
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
Linux Distros Unpatched Vulnerability : CVE-2016-4954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by...
Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)
The version of Adobe Reader installed on the remote macOS host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...
RHEL 6 : ntp (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks...
RHEL 7 : ntp (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks...
CVE-2011-4954
creationtimestamp | type | source
---|---|---
2024-02-23 16:46:44+00:00 | seen | https://t.me/ctinow/191917...
CVE-2022-4954
creationtimestamp | type | source
---|---|---
2023-10-20 12:35:09+00:00 | seen | https://t.me/cibsecurity/72652...
CVE-2022-4954 Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2022-4954
The CVE concerns the WordPress plugin Waiting: One-click countdowns (versions up to and including 0.6.2). The root cause is insufficient input sanitization and output escaping in the Countdown name, enabling Stored Cross‑Site Scripting. Exploitation requires an attacker with administrator-level perm...
Rocky Linux 8 : thunderbird (RLSA-2023:4954)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4954 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
Oracle Linux 8 : thunderbird (ELSA-2023-4954)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4954 advisory. 102.15.0-1.0.1 - Update to 102.15.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
RHEL 8 : thunderbird (RHSA-2023:4954)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4954 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla...
Siemens TIM 4R-IE Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2016-4954)
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication...