CVE-2026-5004

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...

CVE-2026-5004

creationtimestamp| type| source ---|---|--- 2026-03-27 14:09:36+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116301534081725054 2026-03-28 18:50:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mi5cevw2wq23 2026-03-28 19:15:23+00:00| published-proof-of-concept|...

CVE-2024-5004

The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2003-5004

creationtimestamp| type| source ---|---|--- 2025-05-22 23:53:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpscrssa7m2k...

CVE-2025-5004

A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/addcourse.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit...

CVE-2025-5004

creationtimestamp| type| source ---|---|--- 2025-05-20 22:40:39+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17092 2025-05-21 03:13:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpnn27yrq22n...

CVE-2025-5004 projectworlds Online Time Table Generator add_course.php sql injection

A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/addcourse.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit...

CVE-2025-5004 projectworlds Online Time Table Generator add_course.php sql injection

A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/addcourse.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit...

Linux Distros Unpatched Vulnerability : CVE-2016-5004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service resource consumption ...

CVE-2024-5004

creationtimestamp| type| source ---|---|--- 2024-07-22 09:26:48+00:00| seen| https://t.me/cvedetector/1381...

CVE-2024-5004 CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS

The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2024-5004 CM Popup Plugin for WordPress < 1.6.6 - Contributor+ Stored XSS

The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

WordPress CM Pop-Up banners Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software CM Pop-Up banners Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5004 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2c09d4a685e6 Credits Felipe Caon Required...

RHEL 5 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

RHEL 6 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - The Content-Encoding HTT...

CVE-2016-5004

creationtimestamp| type| source ---|---|--- 2024-01-07 07:03:17+00:00| seen| https://t.me/arpsyndicate/2620...

CVE-2023-5004

creationtimestamp| type| source ---|---|--- 2023-09-29 00:36:56+00:00| seen| Telegram/DQUsSu798PiB5kh4xAJ0fgGiKZMbLxUMv45iBrjZ3QKw...

CVE-2023-5004

Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI...

CVE-2023-5004

The CVE-2023-5004 entry concerns the Hospital management system (version 378c157). The vulnerability is a SQL injection in the authentication flow that allows bypassing login, enabling unauthorized access. Multiple connected sources corroborate that the issue stems from SQLI in the authentication...

ae.teletronics.ejabberd:EjabberdXMLRPCClient (>=1.0.2 <=1.1.0), br.eti.kinoshita:testlink-java-api (>=1.9.0-1 <=1.9.20-1) +281 more potentially affected by CVE-2016-5004 via org.apache.xmlrpc:xmlrpc-common (>=3.0 <=3.1.3)

org.apache.xmlrpc:xmlrpc-common MAVEN version =3.0, =1.0.2, =1.9.0-1, =0.0.1, =0.0.1, =2.6.1.19, =8.1.0.286, =8.1.0.286, =8.1.0.286, =1.0.0.RELEASE, =0.5, =0.5, =0.7, =0.9 and more Source cves: CVE-2016-5004 Source advisory: OSV:GHSA-R2PG-W96P-PCPJ...