106 matches found
CVE-2026-3135
CVE-2026-3135 affects itsourcecode News Portal Project 1.0. The vulnerable element is an unknown function in /admin/add-category.php where the Category argument can be manipulated to trigger an SQL injection. This allows remote initiation of an attack, and public exploit availability is noted. Mu...
Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3135 (ALAS-2026-3135)
The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3135 advisory. net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary Z...
MiracleLinux 7 : bind-9.9.4-38.2.0.1.el7.AXS7 (AXSA:2017-1297:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1297:02 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names...
MiracleLinux 4 : procps-3.2.8-45.AXS4.3 (AXSA:2018-3135:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3135:01 advisory. procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124); procps-ng, procps: incorrect integer size in proc/alloc...
CVE-2021-3135
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call...
CVE-2025-3135
creationtimestamp | type | source
---|---|---
2025-04-03 02:35:07+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10158
2025-04-03 03:06:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lluwbcneaf2k
2025-04-03 05:12:01+00:00 | seen | ...
CVE-2025-3135 fcba_zzm ics-park Smart Park Management System update sql injection
A vulnerability classified as critical was found in fcba_zzm ics-park Smart Park Management System 2.1. This vulnerability affects unknown code of the file /api/system/dept/update. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2024-3135 Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai
A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
Oracle Linux 8 : java-11-openjdk (ELSA-2019-3135)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3135 advisory. 1:11.0.5.10-0.0.1 - link atomic for ix86 build Livy Ge 1:11.0.5.10-0 - Update to shenandoah-jdk-11.0.5+10 GA - Switch to GA mode for final release. -...
CVE-2023-3135
creationtimestamp | type | source
---|---|---
2023-07-12 12:41:36+00:00 | seen | https://t.me/cibsecurity/66489...
CVE-2023-3135
The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2023-3135
CVE-2023-3135 – Mailtree Log Mail (WordPress) Stored XSS. The Mailtree Log Mail plugin is vulnerable in versions
WordPress Mailtree Log Mail Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Mailtree Log Mail; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3135; Patch priority: Low; CVSS severity: Low (7.2); PSID: e74e0d24830e; Credits: Alex Thomas; Required...
CVE-2022-3135
The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-3135
CVE-2022-3135 affects the WordPress SEO Smart Links plugin (versions up to 3.0.1). The underlying issue is that certain settings are not properly sanitised/escaped, enabling Stored Cross-Site Scripting by high-privilege admins (e.g., in multisite) when unfiltered_html is disallowed. Impact and ex...
Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console
Summary: BIND is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-9778. DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of specific queries when using the nxdomain-redirect feature...
CVE-2021-3135
The CVE-2021-3135 entry relates to the WordPress tagDiv Newspaper theme (version 10.3.9.1). The vulnerability is an XSS flaw exploitable via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. Public documents consistently describe it as a cross-site scripting issue aff...
SUSE: Security Advisory (SUSE-SU-2017:0596-1)
The remote host is missing an update for the...