50 matches found
CVE-2026-3506
The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the...
EUVD-2025-206692
YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...
CVE-2018-1000141
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any user gaining unauthorized read, write and delete access to project discussions...
EUVD-2020-26460
Malware in sbrugna...
EUVD-2023-55658
Malicious code in bioql PyPI...
EUVD-2025-4226
Malicious code in bioql PyPI...
CVE-2025-53294
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda smart-agenda-prise-de-rendez-vous-en-ligne allows Stored XSS. This issue affects Smart Agenda: from n/a through <= 4.9...
CVE-2025-53294 WordPress Smart Agenda plugin <= 4.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Smart Agenda Smart Agenda smart-agenda-prise-de-rendez-vous-en-ligne allows Stored XSS. This issue affects Smart Agenda: from n/a through <= 4.9...
CVE-2022-41873
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata...
CVE-2021-43799
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation until first reboot, or restart of RabbitMQ does not successfully limit the default ports which RabbitMQ opens; this...
WordPress plugin Glance That cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2024-10785 · Codoforum · Codoforum
Name of the Vulnerable Software and Affected Versions: Codoforum version 4.9 Description: An arbitrary file upload vulnerability in the Add Category function allows attackers to execute arbitrary code via uploading a crafted file. Recommendations: For Codoforum version 4.9, consider disabling the...
CVE-2023-39999
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4...
CVE-2023-27316 Privilege Escalation Vulnerability in SnapCenter
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
libreswan security update
4.9-4.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.9-4 - Just bumping up the version as an incorrect 9.3 build was created. - Related: rhbz2187171 4.9-3 - Fix CVE-2023-30570: Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz2187171...
PT-2023-6177 · Netapp · Snapcenter Plugin For Vmware Vsphere
Name of the Vulnerable Software and Affected Versions: SnapCenter Plugin for VMware vSphere versions 4.6 through 4.8 Description: The issue is related to insufficient access control in the SnapCenter Plugin for VMware vSphere, which may allow authenticated unprivileged users to modify email and...
SUSE CVE-2019-14907
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...
GSD-2023-1001066 vme: Fix error not catched in fake_init()
vme: Fix error not catched in fake_init() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2023-1000398 qed: allow sleep in qed_mcp_trace_dump()
qed: allow sleep in qed_mcp_trace_dump() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.19 by commit e0387f4f39a8d92302273ac356d1f6b2a38160d8, ...
GSD-2022-1007171 tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
tcp: fix a signed-integer-overflow bug in tcp_add_backlog() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.153 by commit...