CVE-2026-3178
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'namedirectoryname' parameter in all versions up to, and including, 1.32.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Amazon Linux 2 : libxml2, --advisory ALAS2-2026-3178 (ALAS-2026-3178)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3178 advisory. A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user...
RockyLinux 8 : linux-firmware (RLSA-2024:3178)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3178 advisory. hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest...
CVE-2025-3178
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated...
CVE-2025-3178
creationtimestamp | type | source
---|---|---
2025-04-03 20:35:41+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10338
2025-04-04 01:11:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3llxacuabvz2k
2025-04-04 02:07:02+00:00 | seen | ...
CVE-2025-3178
CVE-2025-3178 affects projectworlds Online Doctor Appointment Booking System v1.0. A vulnerability in /doctor/deleteappointment.php allows manipulation of the ID parameter, leading to SQL injection. Exploitation may be remote and has been publicly disclosed. Multiple sources (Red Hat, NVD, CVELIS...
Linux Distros Unpatched Vulnerability : CVE-2021-3178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to othe...
Photon OS 3.0: Linux PHSA-2021-3.0-0193
An update of the linux package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0193. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Oracle Linux 8 : linux-firmware (ELSA-2024-3178)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3178 advisory. 20240415-999.32.git5da74b16.el8 - Rebase to latest upstream Orabug: 36482906 Tenable has extracted the preceding description block directly from the...
RHEL 8 : linux-firmware (RHSA-2024:3178)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3178 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: intel:...
CVE-2024-3178
Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All...
CVE-2023-3178
creationtimestamp | type | source
---|---|---
2024-01-16 17:27:18+00:00 | seen | https://t.me/ctinow/168909
2024-01-22 23:16:38+00:00 | seen | https://t.me/ctinow/171516
2024-02-06 10:41:44+00:00 | seen | https://t.me/ctinow/179886...
CVE-2023-3178 POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged-in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack...
CVE-2023-3178
CVE-2023-3178 affects the WordPress plugin Post SMTP Mailer prior to version 2.5.7. The vulnerability is due to improper CSRF checks in certain AJAX actions, which could allow an attacker to leverage a logged-in user with the manage_postman_smtp capability to delete arbitrary logs via CSRF. Affec...
WordPress Post SMTP Plugin < 2.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Post SMTP; Type: Plugin; Vulnerable versions: 2.5.7; Fixed in: 2.5.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3178; Patch priority: Low; CVSS severity: Low (5.4); Developer: WPExperts; PSID: 120e0e7d693e; Credits: Erwan LR WPScan; Required privilege...
RHEL 8 : apr-util (RHSA-2023:3178)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3178 advisory. The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides...
SUSE CVE-2015-3178
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a...
Debian: Security Advisory (DLA-3178-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-3178
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV...