MiracleLinux 7 : firefox-91.6.0-1.0.1.el7.AXS7 (AXSA:2022-3070:05)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3070:05 advisory. Mozilla: Extensions could have bypassed permission confirmation during update CVE-2022-22754 Mozilla: Memory safety bugs fixed in Firefox 97 and...

Linux Distros Unpatched Vulnerability : CVE-2025-3070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a...

CVE-2022-3070

The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Fedora 40 : chromium (2025-609ed3aaa7)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-609ed3aaa7 advisory. Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs Medium...

Fedora 41 : chromium (2025-98dd4c4639)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-98dd4c4639 advisory. Update to 135.0.7049.52 High CVE-2025-3066: Use after free in Navigations Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs Medium...

Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2025-3070

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-3070

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-3070

CVE-2025-3070 affects Google Chrome/Chromium extensions, where insufficient validation of untrusted input in Extensions enables privilege escalation via a crafted HTML page. Affected product surface is Chromium-based Extensions code prior to 135.0.7049.52. The vulnerability’s root cause is input ...

CVE-2025-3070

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-3070

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-3070

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

WordPress Last Viewed Posts by WPBeginner Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Last Viewed Posts by WPBeginner Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3070 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1e1e21bf8373 Credits Francesco Carlucci Requir...

Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2023-3070)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-3070 Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Cross-site Scripting XSS - Stored in GitHub repository tsolucio/corebos prior to 8...

CVE-2023-3070 Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Cross-site Scripting XSS - Stored in GitHub repository tsolucio/corebos prior to 8...

CVE-2023-3070 Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Cross-site Scripting XSS - Stored in GitHub repository tsolucio/corebos prior to 8...

CVE-2023-3070

CVE-2023-3070 is a stored XSS vulnerability affecting coreBOS (tsolucio/corebos) versions prior to 8. The issue is a stored cross-site scripting flaw in the GitHub repository, enabling script execution by attackers via input handling. Public details confirm affected software and the remediation: ...