54 matches found
Amazon Linux 2 : gdk-pixbuf2, --advisory ALAS2-2026-3240 (ALAS-2026-3240)
The version of gdk-pixbuf2 installed on the remote host is prior to 2.36.12-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3240 advisory. A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due...
CVE-2026-3240
creationtimestamp | type | source
---|---|---
2026-03-04 03:59:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg7fh5gfyl24...
EUVD-2026-3240
A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacte...
EUVD-2005-3835
Malware in sbrugna...
CVE-2023-3240
A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and...
CVE-2009-3240
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2025-3240
creationtimestamp | type | source
---|---|---
2025-04-04 12:36:47+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10435
2025-04-04 13:07:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3llyiciu7o72z
2025-04-04 14:40:15+00:00 | seen | ...
CVE-2025-3240
A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched...
CVE-2025-3240
CVE-2025-3240 affects PHPGurukul Online Fire Reporting System v1.2. The vulnerability resides in the /admin/search.php functionality, where manipulation of the searchdata parameter leads to SQL injection. Exploitation can be conducted remotely and, per multiple reports, the exploit has been discl...
CVE-2025-3240 PHPGurukul Online Fire Reporting System search.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched...
Linux Distros Unpatched Vulnerability : CVE-2015-3240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service assertion...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2024-3240
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...
RHEL 5 : openswan (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - IKEv1: IKEv1 protocol vulnerability in the authentication mode with pre-shared keys in the main mode of...
WordPress ConvertPlus Plugin <= 3.5.25 is vulnerable to PHP Object Injection
Software: ConvertPlus | Type: Plugin | Vulnerable versions: <= 3.5.25 | Fixed in: 3.5.26 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-3240 | Patch priority: Medium | CVSS severity: Medium 8.5 | PSID: 5120b9c81ed3 | Credits: 1337Wannabe | Required privilege...
CVE-2011-3240
Rejected reason: This candidate is unused by its CNA...
CVE-2023-3240
CVE-2023-3240 affects OTCMS up to version 6.62, involving an issue in the file usersNews_deal.php where manipulating the file parameter enables path traversal via '../filedir'. Public exploitation has been disclosed. The vulnerability is described as a path traversal exposure; no remediation deta...
SUSE CVE-2015-3240
The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet...