91 matches found
CVE-2026-4955
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-27 17:22:52+00:00 | published-proof-of-concept | Telegram/pyEIr0Ko2hoCavwas1rlZ1K5Q5ZdrBNaOpK3idLXyAytNFs... |
CVE-2026-4955
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...
MiracleLinux 9 : webkit2gtk3-2.36.7-1.el9 (AXSA:2023-4955:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4955:02 advisory. webkitgtk: Use-after-free leading to arbitrary code execution CVE-2022-22624 webkitgtk: Use-after-free leading to arbitrary code execution...
ECHO-7C8E-4955-A901
Bulletin has no description...
CVE-2025-4955
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...
WordPress tarteaucitron.io plugin < 1.9.5 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin tarteaucitron.js – Cookies legislation & GDPR versions 1.9.5...
CVE-2025-4955
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-18 07:58:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lrujyp4dhw2o... |
CVE-2025-4955
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...
CVE-2025-4955 tarteaucitron.io < 1.9.5 - Contributor+ Stored XSS
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks...
CVE-2013-4955
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter...
CVE-2008-4955
freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/-.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code...
Linux Distros Unpatched Vulnerability : CVE-2016-4955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by...
Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)
The version of Adobe Reader installed on the remote macOS host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...
RHEL 6 : ntp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks...
RHEL 7 : ntp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks...
SUSE CVE-2022-4955
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...
Oracle Linux 9 : thunderbird (ELSA-2023-4955)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4955 advisory. 102.15.0-1.0.1 - Update to 102.15.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
AlmaLinux 9 : thunderbird (ALSA-2023:4955)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4955 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
RHEL 9 : thunderbird (RHSA-2023:4955)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4955 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla...
CVE-2022-4955
CVE-2022-4955 concerns Google Chrome before 108.0.5359.71, where an improper DevTools implementation could allow a user who installs a crafted extension via a malicious HTML page to bypass file access restrictions. The vulnerability stems from DevTools behavior and enables an attacker to exploit ...