CVE-2026-3098

creationtimestamp| type| source ---|---|--- 2026-03-26 19:05:09+00:00| seen| https://bsky.app/profile/mysites.guru/post/3mhycc3upol2b 2026-03-27 03:16:03+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3098 2026-03-29 19:00:26+00:00| seen|...

EUVD-2013-3300

Malware in sbrugna...

CVE-2016-3098

Cross-site request forgery CSRF vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code...

CVE-2025-3098

creationtimestamp| type| source ---|---|--- 2025-04-02 09:34:29+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10044 2025-04-02 14:58:57+00:00| seen| https://t.me/cvedetector/21856...

CVE-2025-3098

CVE-2025-3098 concerns the Video Url WordPress plugin. It is a Reflected Cross-Site Scripting flaw via the id parameter in all versions up to and including 1.0.0.3, caused by insufficient input sanitization and output escaping. The impact is that unauthenticated attackers could inject script into...

CVE-2025-3098 Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting

The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVE-2025-3098 Video Url <= 1.0.0.3 - Reflected Cross-Site Scripting

The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

WordPress Video Url plugin <= 1.0.0.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Video Url versions = 1.0.0.3...

CVE-2024-3098

creationtimestamp| type| source ---|---|--- 2024-04-12 10:24:02+00:00| published-proof-of-concept| https://t.me/arpsyndicate/4589...

langtrace-python-sdk (>=1.0.9 <=1.1.30), lavague (>=1.0.3.post1 <=1.0.15) +377 more potentially affected by CVE-2024-3098 via llama-index-core (>=0.10.0 <=0.10.19)

llama-index-core PYPI version =0.10.0, =1.0.9, =1.0.3.post1, =1.0.15 - llama-index-agent-openai =0.1.0 - llama-index-agent-openai-legacy =0.1.0 - llama-index-callbacks-aim =0.1.0 - llama-index-callbacks-argilla =0.1.0 - llama-index-callbacks-arize-phoenix =0.1.0 - llama-index-callbacks-deepeval...

CVE-2024-3098

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVE-2024-3098

Summary: CVE-2024-3098 affects the llama_index package, specifically the exec_utils.safe_eval function. The issue enables prompt injection that can lead to arbitrary code execution due to insufficient input validation, effectively bypassing prior constraints (CVE-2023-39662). A validated PoC demo...

CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVE-2023-3098 KylinSoft youker-assistant restore_all_sound_file path traversal

A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restoreallsoundfile. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

CVE-2023-3098

CVE-2023-3098 affects KylinSoft youker-assistant on KylinOS. The vulnerable component is the restore_all_sound_file function, which allows path traversal (e.g., ../filedir) with local access. The issue has been publicly disclosed; upgrading to 3.0.2-0kylin6k70-23 addresses the vulnerability.

SUSE CVE-2011-3098

Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory...

CVE-2022-3098

creationtimestamp| type| source ---|---|--- 2022-09-26 16:22:07+00:00| seen| https://t.me/cibsecurity/50484 2025-05-22 14:44:07+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17286...

CVE-2022-3098 Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF

The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2022-3098

The CVE-2022-3098 entry describes a CSRF vulnerability in the WordPress plugin Login Block IPs, affecting version 1.0.0 and earlier. The issue stems from the plugin not performing a CSRF check when updating its settings, which could allow a logged-in administrator to have their settings changed v...

SUSE: Security Advisory (SUSE-SU-2022:3098-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...