56 matches found
CVE-2026-3226
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
CVE-2026-3226 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
EUVD-2026-3226
A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...
CVE-2023-3226
The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA...
CVE-2024-3226
creationtimestamp | type | source
---|---|---
2024-06-18 09:15:32+00:00 | published-proof-of-concept | Telegram/XVPnHZeb4SRmfLrKfkKjvcPfp-XFL8OdbmJH8WFxnKCDQ...
CVE-2024-3226 Campcodes Online Patient Record Management System login.php sql injection
A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to SQL injection. It is possible to initiate the attack remotely. The...
CVE-2024-3226
CVE-2024-3226 affects Campcodes Online Patient Record Management System 1.0. The vulnerability is a SQL injection in the password parameter of the /admin/login.php file. It can be triggered remotely; the attack does not require user interaction beyond sending crafted input. Multiple connected sou...
openSUSE: Security Advisory for gstreamer (SUSE-SU-2023:3226-1)
The remote host is missing an update for the...
WordPress Popup Builder Plugin < 4.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Popup Builder; Type: Plugin; Vulnerable versions: 4.2.2; Fixed in: 4.2.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3226; Patch priority: Low; CVSS severity: Low 5.9; PSID: 3861c79d8ad1; Credits: Dipak Panchal th3.d1pak...
CVE-2023-3226 Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting
The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2023-3226
CVE-2023-3226 affects the Popup Builder WordPress plugin, prior to version 4.2.0. The issue arises from insufficient sanitization/escaping of several settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (multisite contexts)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gstreamer-plugins-ugly (SUSE-SU-2023:3226-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3226-1 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application'...
SUSE CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...
Debian dla-3226 : libcgal-demo - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3226 advisory. Debian LTS Advisory DLA-3226-1...
CVE-2022-3226
creationtimestamp | type | source
---|---|---
2022-12-01 20:36:51+00:00 | seen | https://t.me/cibsecurity/53773
2022-12-07 10:30:06+00:00 | exploited | https://t.me/truesecator/3794...
CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA...
CVE-2022-3226
The CVE-2022-3226 issue affects Sophos Firewall (older than 19.5 GA), where an OS command injection can be triggered by uploading SSL VPN configuration files. Root cause details are not elaborated beyond the exposure via configuration uploads in the cited advisories. The vulnerability impacts adm...
Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-3226)
Summary: A vulnerability in the ActiveSupport component of the Ruby on Rails framework used by IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis allows for stealing authentication cookies with a cross-site scripting attack. Vulnerability Details: CVEID: CVE-2015-3226 DESCRIPTION:...
Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation
Summary: IBM Rational DOORS Next Generation® is affected by multiple vulnerabilities in the Oracle Outside In Technology® that is used as a component. Vulnerability Details: CVEID: CVE-2018-18224 DESCRIPTION: An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In...