67 matches found
CVE-2026-3254
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...
CVE-2026-3254
creationtimestamp | type | source
---|---|---
2026-04-22 12:50:07+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jwdl7pl2u
2026-04-24 07:57:51+00:00 | seen | https://ccb.belgium.be/advisories/warning-11-new-vulnerabilities-gitlab-ce-and-ee-editions-patch-immediately...
GitLab 18.11 < 18.11.1 (CVE-2026-3254)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows:
- GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into...
AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection
WordPress Classifieds Plugin before 4.3 contains a SQL injection caused by improper sanitization and escaping of parameters in an AJAX action, letting unauthenticated attackers execute arbitrary SQL commands. Exploitation requires the premium module to be active. id: CVE-2022-3254 info: name: AWP...
VulnCheck KEV: CVE-2022-3254
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...
CVE-2023-3254
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings a...
CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppamanagecomments edit action...
CVE-2025-3254
A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-3254
creationtimestamp | type | source
---|---|---
2025-04-04 16:36:42+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10486
2025-04-04 17:07:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3llyvpyzbx724
2025-04-04 20:32:06+00:00 | seen | ...
CVE-2024-3254
creationtimestamp | type | source
---|---|---
2025-02-14 10:01:37+00:00 | seen | Telegram/ljQTrUh0awqKbRAI8cEj4P2lrQC5Id7w8pmtR6hXecwKxtX...
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3254)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3254 advisory. aardvark-dns buildah 2:1.33.7-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33...
CVE-2024-3254
A vulnerability, which was classified as critical, has been found in SourceCodester Internship Portal Management System 1.0. This issue affects some unknown processing of the file admin/edit_admin.php. The manipulation of the argument admin_id leads to SQL injection. The attack may be initiated...
CVE-2024-3254
CVE-2024-3254 affects SourceCodester Internship Portal Management System 1.0. SQL injection via the admin/edit_admin.php file’s admin_id parameter is the root cause. The issue is exploitable remotely and has public disclosures. Connected sources do not provide a confirmed patch version; one PT Se...
CVE-2023-3254
creationtimestamp | type | source
---|---|---
2023-10-18 12:46:45+00:00 | seen | https://t.me/cibsecurity/72491...
CVE-2023-3254
CVE-2023-3254 – Widgets for Google Reviews (WordPress) Technical details from connected sources confirm a CSRF vulnerability in versions up to 10.9 due to missing or incorrect nonce validation in setup_no_reg_header.php. This enables unauthenticated attackers to trigger forged requests that reset...
CVE-2022-3254
creationtimestamp | type | source
---|---|---
2022-10-31 19:38:14+00:00 | seen | https://t.me/cibsecurity/52301
2026-02-06 15:04:17+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-3254.yaml
2026-02-11 21:03:01+00:00 | seen | ...
CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...
CVE-2022-3254
CVE-2022-3254 affects the WordPress AWP Classifieds Plugin (versions prior to 4.3). The issue is an SQL injection caused by improper sanitization/escaping of parameters in an unauthenticated AJAX action, and is triggered when a specific premium module is active. The vulnerability allows execution...
CVE-2021-3254
creationtimestamp | type | source
---|---|---
2022-05-11 16:34:11+00:00 | seen | https://t.me/cibsecurity/42343...