61 matches found
CVE-2023-3057
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The...
CVE-2025-3057
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...
CVE-2025-3057
creationtimestamp | type | source
---|---|---
2025-04-01 01:54:26+00:00 | seen | https://t.me/cvedetector/21657...
CVE-2025-3057 Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...
CVE-2025-3057
Drupal core is affected by CVE-2025-3057: an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability. Affected is Drupal core in multiple lines: 8.0.0–before 10.3.13; 10.4.0–before 10.4.3; 11.0.0–before 11.0.12; 11.1.0–before 11.1.3. Root cause is improper input handling d...
CVE-2024-3057
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation...
CVE-2024-3057
creationtimestamp | type | source
---|---|---
2024-10-08 20:24:10+00:00 | seen | https://t.me/cvedetector/7391...
SUSE SLES15 / openSUSE 15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (SUSE-SU-2023:3057-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3057-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2023-3057 YFCMF Ajax.php path traversal
A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The...
CVE-2023-3057
CVE-2023-3057 affects YFCMF up to 3.0.4. The vulnerability arises from unknown processing in app/admin/controller/Ajax.php, where manipulating the controllername argument enables path traversal via "../filedir". This potentially allows remote attackers to access restricted files. The exploit has ...
Debian: Security Advisory (DLA-151-1)
The remote host is missing an update for the Debian...
SUSE CVE-2006-3057
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption...
SUSE CVE-2011-3057
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation...
Fedora: Security Advisory for chromium (FEDORA-2022-3f28aa88cf)
The remote host is missing an update for the...
CVE-2022-3057
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-3057
CVE-2022-3057 affects Google Chrome prior to 105.0.5195.52, where an inappropriate implementation in the iframe Sandbox could allow a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (iframe Sandbox component). Root cause per sources: flawed Sandb...
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10120-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10120-1 advisory.
- Use after free in Network Service. (CVE-2022-3038)
- Use after free in WebSQL. (CVE-2022-3039, CVE-2022-3041)
- Use after free in Layout...
Microsoft Edge (Chromium) < 105.0.1343.25 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.25. It is, therefore, affected by multiple vulnerabilities as referenced in the September 1, 2022 advisory.
- Use after free in Network Service. (CVE-2022-3038)
- Use after free in WebSQL. (CVE-2022-3039,...