Lucene search
K

11 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.18 views

PT-2026-50801

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Missing authorization in the public API allows users to bypass role permission checks. The system only verifies a shared API key header via the hasValidToken function instead of validating individua...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34947

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2026/04/06 4:22 p.m.6 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS7.1AI score0.00651EPSS
Exploits0
EUVD
EUVD
added 2025/10/14 9:30 p.m.5 views

EUVD-2025-34476

Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.1AI score0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/07 9:21 p.m.5 views

CVE-2025-11276

A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this...

5.1CVSS5.8AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2025/10/05 2:15 a.m.21 views

CVE-2025-11276

A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this...

5.1CVSS0.00233EPSS
Exploits0References4
CVE
CVE
added 2025/10/05 1:2 a.m.13 views

CVE-2025-11276

CVE-2025-11276 affects Rebuild up to 4.1.3, with the Comment/Guestbook component vulnerable to cross-site scripting via remote manipulation. Upgrade to 4.1.4 to fix. Public exploitation status is not detailed in the provided documents; multiple sources note vendor confirmation in private communic...

5.1CVSS3.9AI score0.00233EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.7 views

PT-2024-1642 · Splunk · Splunk Add-On Builder

Name of the Vulnerable Software and Affected Versions: Splunk Add-on Builder versions prior to 4.1.4 Description: The issue is related to improper handling of log output, allowing a remote attacker to write arbitrary information to internal log files. This can lead to the exposure of sensitive...

8.2CVSS7AI score0.00388EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2022/09/20 7:58 p.m.7 views

CVE-2022-38931

A Server-Side Request Forgery SSRF in fetchnetfileupload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter...

7.4AI score0.01103EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/21 12:0 a.m.3 views

PrinterOn Enterprise Cross-Site Scripting Vulnerability

PrinterOn Enterprise is a secure cloud printing solution from PrinterOn Canada. The solution supports printing from laptops, desktops and mobile devices connected to printers. A cross-site scripting vulnerability exists in PrinterOn Enterprise version 4.1.4, which stems from a lack of proper...

5.4CVSS6.4AI score0.00632EPSS
Exploits1References1
CNVD
CNVD
added 2016/10/18 12:0 a.m.2 views

Linux kernel denial of service vulnerability (CNVD-2016-09488)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the mm/memory.c file in Linux kernel versions prior to 4.1.4, which stems from a program's failure to properly handle anonymous pages. A loc...

7.8CVSS7.7AI score0.00479EPSS
Exploits0References1
Rows per page
Query Builder