23 matches found
CVE-2026-9594
The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...
CVE-2026-9303
A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...
CVE-2026-39482 WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS. This issue affects Post Expirator: from n/a through <= 4.9.4...
MiracleLinux 9 : podman-4.9.4-5.el9_4 (AXSA:2024-8550:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8550:06 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly...
WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Post Expirator versions <= 4.9.3...
CVE-2023-43986
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken...
CVE-2023-49798
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/contracts@4.9.4 and @openzeppelin/contracts-upgradeable@4.9.4, all subcalls are...
EUVD-2023-3124
Malicious code in bioql PyPI...
CVE-2025-52795 WordPress WP Front User Submit / Front Editor plugin <= 4.9.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4...
WordPress Verge3D plugin <= 4.9.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Mika in WordPress Plugin Verge3D versions <= 4.9.4...
Hasleo Backup Suite Free Security Vulnerability
Hasleo Backup Suite Free EasyUEFI Backup Suite Free is a completely free Windows backup software from Hasleo. A security vulnerability exists in Hasleo Backup Suite Free v4.9.4 and earlier versions, which stems from the vulnerability to unsecured privileges through the file recovery feature...
PT-2024-28588
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Vouchers versions 4.9.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables attackers to bypass capability...
WordPress Download Monitor Plugin <= 4.9.4 is vulnerable to SQL Injection
Software: Download Monitor; Type: Plugin; Vulnerable versions: <= 4.9.4; Fixed in: 4.9.5; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30501; Patch priority: Low; CVSS severity: Low 7.6; Developer: WPChill; PSID: 3e76ad1985a5; Credits: movrment; Required privilege: Administrator; Published: 28...
GHSA-699G-Q6QH-Q4V8 OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Context: Merge conflict resolution issue when porting the v5.0.1 Multicall update to the v4.9 branch caused a duplicated line. Impact: Versions using Multicall from @openzeppelin/contracts@4.9.4 and @openzeppelin/contracts-upgradeable@4.9.4 will execute each subcall twice. Concretely, this exposes ...
CVE-2023-49798 Duplicated execution of subcalls in OpenZeppelin Contracts
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/contracts@4.9.4 and @openzeppelin/contracts-upgradeable@4.9.4, all subcalls are...
DM Concept configurator SQL Injection Vulnerability
DM Concept configurator is an application from DM Concept, Inc. A security vulnerability exists in DM Concept configurator versions prior to v4.9.4 that stems from a SQL injection vulnerability in the component ConfiguratorAttachment...
PT-2023-29060 · Unknown · Dm Concept Configurator
Name of the Vulnerable Software and Affected Versions: DM Concept configurator versions prior to 4.9.4 Description: The issue is related to a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. Recommendations: For versions prior to 4.9.4, update to version...
WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Links Page; Type: Plugin; Vulnerable versions: <= 4.9.3; Fixed in: 4.9.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-22720; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 5a20af666246; Credits: István Márton; Required...
phpMyAdmin 4.8.x < 4.9.4 SQL Injection
The version of phpMyAdmin installed on the remote host does not correctly deal with malicious SQL injected in place of a valid username when creating queries on the user accounts page, leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...
Fedora 30 : phpMyAdmin (2020-cb89758335)
Version 4.9.4 2020-01-07 - issue 15724 Fix 2FA was disabled by a bug - issue security Fix SQL injection vulnerability on the user accounts page PMASA-2020-1 ---- Version 4.9.3 2019-12-26 - issue 15570 Fix page contents go underneath of floating menubar in some cases - issue 15591 Fix php notice...