157 matches found
CVE-2026-3064 HummerRisk Cloud Task Scheduler ResourceCreateService.java command injection
A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launche...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2023-7318:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7318:02 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064); golang: html/template: improper...
CVE-2022-3064 affecting package buildah for versions less than 1.41.4-2
CVE-2022-3064 affecting package buildah for versions less than 1.41.4-2. An upgraded version of the package is available that resolves this issue...
AlmaLinux 8 : container-tools:4.0 (ALSA-2023:6938)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:6938 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064); golang: html/template: improper handlin...
CVE-2025-3064
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064
creationtimestamp | type | source
---|---|---
2025-04-08 08:46:43+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10881
2025-04-08 11:48:23+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114302183167585816
2025-04-08 12:07:13+00:00 | seen | ...
CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function
The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-3064
CVE-2025-3064 : WordPress plugin WPFront User Role Editor (affected versions up to 4.2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in whitelist_options(). This allows unauthenticated attackers to update the default role option, enabling privilege escal...
WordPress WPFront User Role Editor plugin <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function vulnerability
Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function vulnerability discovered by WordFence in WordPress Plugin WPFront User Role Editor versions <= 4.2.1...
RHEL 8 : postgresql:12 (RHSA-2025:3064)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3064 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL quoting APIs miss neutralizing...
Linux Distros Unpatched Vulnerability : CVE-2022-3064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. (CVE-2022-3064) Note that Nessus relies on the presence of the package a...
Linux Distros Unpatched Vulnerability : CVE-2011-3064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impac...
Azure Linux 3.0 Security Update: etcd / packer (CVE-2022-3064)
The version of etcd / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3064 advisory. - Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. CVE-2022-306...
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-27
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-27. This CVE either no longer is or was never applicable...
Moderate: Red Hat Security Advisory: rhc security update
An update for rhc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
RHEL 8 : rhc (RHSA-2024:10784)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:10784 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security Fixes:...
Low: Red Hat Security Advisory: rhc security update
An update for rhc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...
RHEL 9 : rhc (RHSA-2024:10759)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10759 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security Fixes:...
CVE-2022-3064 affecting package packer for versions less than 1.9.5-1
CVE-2022-3064 affecting package packer for versions less than 1.9.5-1. A patched version of the package is available...