22 matches found
CVE-2026-9303
A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...
CVE-2026-39482 WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS. This issue affects Post Expirator: from n/a through <= 4.9.4...
MiracleLinux 9 : podman-4.9.4-5.el9_4 (AXSA:2024-8550:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8550:06 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly...
WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Post Expirator versions <= 4.9.3...
CVE-2023-43986
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken...
CVE-2023-49798
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/contracts@4.9.4 and @openzeppelin/contracts-upgradeable@4.9.4, all subcalls are...
EUVD-2023-3124
Malicious code in bioql PyPI...
CVE-2025-52795 WordPress WP Front User Submit / Front Editor plugin <= 4.9.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4...
WordPress Verge3D plugin <= 4.9.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Mika in WordPress Plugin Verge3D versions <= 4.9.4...
Hasleo Backup Suite Free Security Vulnerability
Hasleo Backup Suite Free EasyUEFI Backup Suite Free is a completely free Windows backup software from Hasleo. A security vulnerability exists in Hasleo Backup Suite Free v4.9.4 and earlier versions, which stems from the vulnerability to unsecured privileges through the file recovery feature...
PT-2024-28588
Name of the Vulnerable Software and Affected Versions WooCommerce PDF Vouchers versions 4.9.4 and earlier Description The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables attackers to bypass capability...
WordPress Download Monitor Plugin <= 4.9.4 is vulnerable to SQL Injection
Software Download Monitor Type Plugin Vulnerable versions <= 4.9.4 Fixed in 4.9.5 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30501 Patch priority Low CVSS severity Low 7.6 Developer WPChill PSID 3e76ad1985a5 Credits movrment Required privilege Administrator Published 28...
GHSA-699G-Q6QH-Q4V8 OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Context Merge conflict resolution issue when porting the v5.0.1 Multicall update to the v4.9 branch caused a duplicated line. Impact Versions using Multicall from @openzeppelin/contracts@4.9.4 and @openzeppelin/contracts-upgradeable@4.9.4 will execute each subcall twice. Concretely, this exposes ...
CVE-2023-49798 Duplicated execution of subcalls in OpenZeppelin Contracts
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/contracts@4.9.4 and @openzeppelin/contracts-upgradeable@4.9.4, all subcalls are...
DM Concept configurator SQL Injection Vulnerability
DM Concept configurator is an application from DM Concept, Inc. A security vulnerability exists in DM Concept configurator versions prior to v4.9.4 that stems from a SQL injection vulnerability in the component ConfiguratorAttachment...
PT-2023-29060 · Unknown · Dm Concept Configurator
Name of the Vulnerable Software and Affected Versions: DM Concept configurator versions prior to 4.9.4 Description: The issue is related to a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. Recommendations: For versions prior to 4.9.4, update to version...
WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)
Software WP Links Page Type Plugin Vulnerable versions <= 4.9.3 Fixed in 4.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22720 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a20af666246 Credits István Márton Required...
phpMyAdmin 4.8.x < 4.9.4 SQL Injection
The version of phpMyAdmin installed on the remote host does not correctly deal with malicious SQL injected in place of a valid username when creating queries on the user accounts page, leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...
Fedora 30 : phpMyAdmin (2020-cb89758335)
Version 4.9.4 2020-01-07 - issue 15724 Fix 2FA was disabled by a bug - issue security Fix SQL injection vulnerability on the user accounts page PMASA-2020-1 ---- Version 4.9.3 2019-12-26 - issue 15570 Fix page contents go underneath of floating menubar in some cases - issue 15591 Fix php notice...
WordPress Update Breaks Automatic Update Feature—Apply Manual Update
WordPress administrators are once again in trouble. WordPress version 4.9.3 was released earlier this week with patches for a total 34 vulnerabilities, but unfortunately, the new version broke the automatic update mechanism for millions of WordPress websites. WordPress team has now issued a new...