11 matches found
PT-2026-50801
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Missing authorization in the public API allows users to bypass role permission checks. The system only verifies a shared API key header via the hasValidToken function instead of validating individua...
EUVD-2026-34947
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...
CVE-2026-34986
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...
EUVD-2025-34476
Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2025-11276
A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this...
CVE-2025-11276
A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this...
CVE-2025-11276
CVE-2025-11276 affects Rebuild up to 4.1.3, with the Comment/Guestbook component vulnerable to cross-site scripting via remote manipulation. Upgrade to 4.1.4 to fix. Public exploitation status is not detailed in the provided documents; multiple sources note vendor confirmation in private communic...
PT-2024-1642 · Splunk · Splunk Add-On Builder
Name of the Vulnerable Software and Affected Versions: Splunk Add-on Builder versions prior to 4.1.4 Description: The issue is related to improper handling of log output, allowing a remote attacker to write arbitrary information to internal log files. This can lead to the exposure of sensitive...
CVE-2022-38931
A Server-Side Request Forgery SSRF in fetchnetfileupload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter...
PrinterOn Enterprise Cross-Site Scripting Vulnerability
PrinterOn Enterprise is a secure cloud printing solution from PrinterOn Canada. The solution supports printing from laptops, desktops and mobile devices connected to printers. A cross-site scripting vulnerability exists in PrinterOn Enterprise version 4.1.4, which stems from a lack of proper...
Linux kernel denial of service vulnerability (CNVD-2016-09488)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the mm/memory.c file in Linux kernel versions prior to 4.1.4, which stems from a program's failure to properly handle anonymous pages. A loc...