95 matches found
CVE-2026-3242
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-04 04:26:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg7gwepksc2u... |
CVE-2026-3242 Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
CVE-2025-3242
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-04 11:39:07+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10431 |
| 2025-04-04 13:07:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3llyiciqnha26 |
| 2025-04-04 14:40:16+00:00 | seen | ... |
CVE-2025-3242
A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attack can be initiated remotely. The exploit h...
CVE-2025-3242
CVE-2025-3242 affects PHPGurukul e-Diary Management System 1.0, with a vulnerability in the file /search-result.php where manipulating the searchdata parameter enables SQL injection. The issue is exploitable remotely and has been publicly disclosed. Multiple connected sources reiterate that the a...
CVE-2025-3242 PHPGurukul e-Diary Management System search-result.php sql injection
A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql injection. The attack can be initiated remotely. The exploit h...
Linux Distros Unpatched Vulnerability : CVE-2014-3242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity...
CVE-2024-3242
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...
CVE-2024-3242 Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...
CVE-2024-3242
CVE-2024-3242 concerns Brizy – Page Builder for WordPress. The issue is an arbitrary file upload vulnerability caused by missing file extension validation in validateImageContent (via storeImages) in all versions up to 2.4.43. This could allow authenticated attackers with contributor+ privileges ...
WordPress Brizy Plugin <= 2.4.44 is vulnerable to Arbitrary File Upload
Software: Brizy; Type: Plugin; Vulnerable versions: <= 2.4.44; Fixed in: 2.4.45; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-3242; Patch priority: Medium; CVSS severity: Medium 9.9; PSID: cefdc004eccb; Credits: stealthcopter; Required privilege: Contributor...
CGA-3242-R55W-GF93
Bulletin has no description...
RHEL 7 : soappy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SOAPpy: XML External Entity (XXE) flaw (CVE-2014-3242) - SOAPpy 0.12.5 does not properly detect recursion...
RHEL 6 : soappy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SOAPpy: XML External Entity (XXE) flaw (CVE-2014-3242) - SOAPpy 0.12.5 does not properly detect recursion...
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3242-1)
The remote host is missing an update for the...
CVE-2023-3242
The CVE-2023-3242 issue concerns B&R Automation Runtime’s Portmapper. Affected product: B&R Industrial Automation Automation Runtime (prior to G4.93). Vulnerable component: Portmapper service with improper initialization. Impact: unauthenticated network-based attackers can cause permanent denial-...
CVE-2023-3242
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions...
SUSE CVE-2006-3242
Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server...
Debian dla-3242 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3242 advisory. - Debian LTS Advisory DLA-3242-1...