Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3340 (ALAS-2026-3340)

The version of thunderbird installed on the remote host is prior to 140.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3340 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming th...

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

Security Bulletin: Server-Side Request Forgery (SSRF) in Langflow URL Component

Summary IBM Langflow Desktop contains a Server-Side Request Forgery SSRF vulnerability in the URL data source component where user-supplied URLs are insufficiently validated before being used in backend HTTP requests, allowing authenticated attackers to force the Langflow server to make arbitrary...

AlmaLinux 9 : skopeo (ALSA-2026:3340)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3340 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...

Oracle Linux 9 : skopeo (ELSA-2026-3340)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3340 advisory. - Rebuild for new golang to address CVE-2025-61726 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVE-2021-3340

A cross-site scripting XSS vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php...

CVE-2025-3340

A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/comboupdate.php. The manipulation of the argument ID leads to sql injection. The attack may be launche...

CVE-2025-3340

creationtimestamp| type| source ---|---|--- 2025-04-07 06:45:24+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10677 2025-04-07 09:31:09+00:00| published-proof-of-concept| Telegram/ZqVcp9kxvRu5E7Cj8nsMX7B3XhX8B8CAXf42e1JkncWKY5I 2025-04-07 11:07:55+00:00| seen|...

CVE-2025-3340 codeprojects Online Restaurant Management System combo_update.php sql injection

A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/comboupdate.php. The manipulation of the argument ID leads to sql injection. The attack may be launche...

CVE-2013-3340

creationtimestamp| type| source ---|---|--- 2025-02-14 21:08:31+00:00| seen| Telegram/1NSIX1wu2gyUOfYjusC-VT-KGW0oSSja3s2e2DaPm70aZ1Y9...

Rocky Linux 8 : .NET 7.0 (RLSA-2024:3340)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3340 advisory. dotnet: stack buffer overrun in Double Parse CVE-2024-30045 dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop...

Oracle Linux 8 : .NET / 7.0 (ELSA-2024-3340)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3340 advisory. 7.0.119-1.0.1 - Add support for Oracle Linux 7.0.119-1 - Update to .NET SDK 7.0.119 and Runtime 7.0.19 - Resolves: RHEL-35313 7.0.118-2 - Update to .NE...

RHEL 8 : .NET 7.0 (RHSA-2024:3340)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3340 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVE-2024-3340

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Colibri Page Builder Plugin <= 1.0.272 is vulnerable to Cross Site Scripting (XSS)

Software Colibri Page Builder Type Plugin Vulnerable versions = 1.0.272 Fixed in 1.0.274 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3340 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 39692f6fa930 Credits Ngô Thiên An...

Huawei EulerOS: Security Advisory for libtommath (EulerOS-SA-2023-3340)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-3340

CVE-2023-3340 affects SourceCodester Online School Fees System 1.0, specifically the file ajx.php in the GET Parameter Handler. The issue is a SQL injection caused by manipulating the name_startsWith argument, which can be exploited remotely; the vulnerability has been disclosed publicly. Multipl...

CVE-2023-3340 SourceCodester Online School Fees System GET Parameter ajx.php sql injection

A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument namestartsWith leads to sql injection. The attack...

CVE-2022-3340

creationtimestamp| type| source ---|---|--- 2022-11-04 15:27:52+00:00| seen| https://t.me/cibsecurity/52552...