Amazon Linux 2 : nss, --advisory ALAS2-2026-3304 (ALAS-2026-3304)

The version of nss installed on the remote host is prior to 3.90.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3304 advisory. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR...

Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench

Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.1.2 Vulnerability Details CVEID:CVE-2026-6951 DESCRIPTION: Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that block...

CVE-2026-3304 vulnerabilities

Vulnerabilities for packages: redisinsight, librechat...

CVE-2026-3304

A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service DoS for the application using Multer...

02url-querystring-http (>=1.0.1 <=1.0.4), 1-0-5-hai-aage-dekhte-hein-kya-aat-hai (>=1.0.5 <=1.0.6) +12737 more potentially affected by CVE-2026-3304 via multer (>=0.0.5 <=2.0.2)

multer NPM version =0.0.5, =1.0.1, =1.0.5, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.3 - 6e-alpha-backend-admin =1.0.0 and more Source cves: CVE-2026-3304 Source advisory: OSV:GHSA-XF7R-HGR6-V32P...

org.webjars.npm:nestjs__platform-express (>=8.4.7 <=9.0.0-next.2) potentially affected by CVE-2026-3304 via org.webjars.npm:multer (=1.4.4-lts.1)

org.webjars.npm:multer MAVEN version =1.4.4-lts.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:multer and may be impacted: - org.webjars.npm:nestjsplatform-express =8.4.7, =9.0.0-next.2 Source cves: CVE-2026-3304 Source advisory:...

4591-libs (>=0.0.1 <=0.2.0), @10abdullahbutt/nestjs-boilerplate (=0.0.1) +1490 more potentially affected by CVE-2026-3304 via multer (>=2.0.0-alpha.2 <=2.0.2)

multer NPM version =2.0.0-alpha.2, =0.0.1, =0.0.1-alpha.1, =0.0.1-alpha.9, =0.0.0-alpha.119, =1.2.1, =0.0.1, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.2, =0.0.10, =0.6.2 and more Source cves: CVE-2026-3304 Source advisory: SNYK:JS-MULTER-15365918...

CVE-2026-3304 Multer vulnerable to Denial of Service via incomplete cleanup

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch...

CVE-2025-20673

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304...

CVE-2025-20673

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304...

CVE-2009-3304

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...

CVE-2025-3304

A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dentalnot.php. The manipulation of the argument itrno leads to sql injection. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-3304

creationtimestamp| type| source ---|---|--- 2025-04-05 22:37:33+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10619 2025-04-06 01:07:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lm4ayjsdaw2r 2025-04-06 03:27:02+00:00| seen|...

CVE-2025-3304

CVE-2025-3304 concerns code-projects Patient Record Management System 1.0. The vulnerability is in the dental_not.php file, where manipulation of the itr_no parameter enables SQL injection. Several connected sources confirm remote feasibility and public disclosure of the exploit. The issue affect...

CVE-2025-3304 code-projects Patient Record Management System dental_not.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dentalnot.php. The manipulation of the argument itrno leads to sql injection. It is possible to initiate the attack remotely. The exploit h...

CVE-2025-3304 code-projects Patient Record Management System dental_not.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dentalnot.php. The manipulation of the argument itrno leads to sql injection. It is possible to initiate the attack remotely. The exploit h...

Oracle Linux 7 : libreoffice (ELSA-2024-3304)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3304 advisory. - Fix CVE-2022-38745 Empty entry in Java class path - Fix CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Fix CVE-2023-1183 libreoffice: Arbitrary...

openSUSE: Security Advisory for chromium (openSUSE-SU-2022:10138-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in wlwz-2312-3304 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dae10314d3cd8ac3e8d01fd77f355ba950dacea74baacbf2a40a70c743b80cef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-471 Malicious code in wlwz-2312-3304 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dae10314d3cd8ac3e8d01fd77f355ba950dacea74baacbf2a40a70c743b80cef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...