Lucene search

56 matches found

Circl
added 2026/03/27 9:23 p.m., 1 views

CVE-2026-4974

creationtimestamp | type | source
---|---|---
2026-03-27 21:23:25+00:00 | published-proof-of-concept | Telegram/wWPS0byCXjzJleEHKN6yjldptusIbQ1L7WvvuLFtEg9AE-Q
2026-03-27 23:45:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mi3cfrfb6l2n
2026-03-30 22:00:14+00:00 | seen | ...

CVSS: 9, AI score: 8.1, EPSS: 0.00106
Exploits: 1, References: 2
NVD
added 2026/03/27 8:16 p.m., 1 views

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVSS: 9, EPSS: 0.00106
Exploits: 1, References: 5
Cvelist
added 2026/03/27 7:52 p.m., 20 views

CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVSS: 9, EPSS: 0.00106
Exploits: 1, References: 5
Circl
added 2025/02/18 9:11 p.m., 0 views

CVE-2024-4974

creationtimestamp | type | source
---|---|---
2025-02-18 21:11:32+00:00 | seen | Telegram/sYzXgOwIx4wjy7KWIAMEiktYqxTTU4nFg3-POiKv3lUR5Ew...

CVSS: 6.1, AI score: 4.4, EPSS: 0.00167
Exploits: 1
Vulnrichment
added 2024/10/16 6:43 a.m., 12 views

CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...

CVSS: 6.3, AI score: 6.9, EPSS: 0.00206
Exploits: 0, References: 6
Cvelist
added 2024/10/16 6:43 a.m., 15 views

CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...

CVSS: 6.3, EPSS: 0.00206
Exploits: 0, References: 6
Tenable Nessus
added 2024/10/09 12:0 a.m., 29 views

CentOS 6 : chromium-browser (RHSA-2020:4974)

The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4974 advisory. - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a craft...

CVSS: 8.8, AI score: 8.8, EPSS: 0.84383
Exploits: 3, References: 6
Tenable Nessus
added 2024/09/12 12:0 a.m., 23 views

Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...

CVSS: 10, AI score: 8.6, EPSS: 0.68262
Exploits: 5, References: 50
Tenable Nessus
added 2023/12/27 12:0 a.m., 18 views

SUSE SLES15 / openSUSE 15 Security Update : distribution (SUSE-SU-2023:4974-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4974-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

AI score: 5.6
Exploits: 0, References: 2
0day.today
added 2023/09/18 12:0 a.m., 340 views

Academy LMS 6.2 SQL Injection Vulnerability

Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 / CWE-707 Greeting...

CVSS: 9.8, AI score: 7.1, EPSS: 0.36186
Exploits: 3
OSV
added 2023/09/15 3:15 a.m., 0 views

CVE-2023-4974

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

CVSS: 9.8, AI score: 5.7
Exploits: 0, References: 3
Cvelist
added 2023/09/15 2:0 a.m., 14 views

CVE-2023-4974 Academy LMS GET Parameter filter sql injection

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

CVSS: 6.5, AI score: 9.9, EPSS: 0.36186
Exploits: 3, References: 3
CVE
added 2023/09/15 2:0 a.m., 54 views

CVE-2023-4974

CVE-2023-4974 affects Academy LMS 6.2 (Creative Item). The vulnerability is a SQL injection in the GET parameter handler for /academy/tutor/filter, via price_min and price_max, allowing unauthenticated remote exploitation. Multiple sources (NVD/Nuclei template/Exploit-DB) confirm the vector as a ...

CVSS: 9.8, AI score: 8.1, EPSS: 0.36186
Exploits: 3, References: 3, Affected Software: 1
vulnersOsv
added 2022/05/13 1:7 a.m., 1 views

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.15.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.15.0) +1 more potentially affected by CVE-2017-4974 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.15.0)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.15.0 Source cves: CVE-2017-4974 Source advisory: OSV:GHSA-CW9C-V3V2-99HM...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0031
Exploits: 0
Tenable Nessus
added 2021/09/19 12:0 a.m., 27 views

Debian DSA-4974-1 : nextcloud-desktop - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4974 advisory. - Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the Register...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00364
Exploits: 2, References: 9
Circl
added 2021/07/28 4:42 p.m., 0 views

CVE-2020-4974

creationtimestamp | type | source
---|---|---
2021-07-28 16:42:24+00:00 | seen | https://t.me/reconshell/839...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00168
Exploits: 0, References: 1
OSV
added 2021/07/28 1:15 p.m., 0 views

CVE-2020-4974

IBM Jazz Foundation products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00168
Exploits: 0, References: 2
IBM Security Bulletins
added 2021/06/25 4:46 p.m., 16 views

Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2015-4974, CVE-2015-4981)

Summary: Security vulnerabilities have been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5:
- could allow a local non privileged attacker to execute commands with root privileges CVE-2015-4974
- could allow a local non privileged attacker to read system...

CVSS: 7.2, AI score: 5.2, EPSS: 0.00104
Exploits: 0, Affected Software: 1
OpenVAS
added 2021/06/03 12:0 a.m., 18 views

Ubuntu: Security Advisory (USN-4974-1)

The remote host is missing an update for the...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00639
Exploits: 0, References: 2
Tenable Nessus
added 2021/06/02 12:0 a.m., 53 views

Ubuntu 18.04 LTS / 20.04 LTS : Lasso vulnerability (USN-4974-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4974-1 advisory. It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this ...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00639
Exploits: 0, References: 2