71 matches found
CVE-2026-3346
creationtimestamp | type | source
---|---|---
2026-04-30 22:47:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mkqoz2hd4x2v
2026-05-03 21:06:48+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mky2smzu6f2f...
Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw
Summary: A stored cross-site scripting (XSS) vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline due to unsafe use of rehypeRaw without sanitization, potentially leading to session theft,...
MiracleLinux 3 : xen-3.0.3-132.2.0.1.AXS3 (AXSA:2011-338:03)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-338:03 advisory. This package contains the Xen tools and management daemons needed to run virtual machines on x86, x86_64, and ia64 systems. Information on how to use Xen can b...
CVE-2024-3346
A vulnerability was found in Byzoro Smart S80 up to 20240328. It has been declared as critical. This vulnerability affects unknown code of the file /log/webmailattach.php. The manipulation of the argument mailfilepath leads to os command injection. The attack can be initiated remotely. The exploi...
CVE-2023-3346
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is...
CVE-2022-3346
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2025-3346
creationtimestamp | type | source
---|---|---
2025-04-06 14:50:33+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114291574894920693
2025-04-07 09:45:43+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/10691
2025-04-07 11:07:54+00:00 | seen |...
Rocky Linux 8 : git-lfs (RLSA-2024:3346)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3346 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288); golang: net/http/cookiejar: incorrect forwarding of...
CGA-CP9W-3346-FJR9
Bulletin has no description...
Oracle Linux 8 : git-lfs (ELSA-2024-3346)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3346 advisory. 3.4.1-2: Rebuild with new Golang; Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423. 3.4.1-1: Update to version 3.4.1; Resolves: RHEL-17102...
CVE-2024-3346
A vulnerability was found in Byzoro Smart S80 up to 20240328. It has been declared as critical. This vulnerability affects unknown code of the file /log/webmailattach.php. The manipulation of the argument mailfilepath leads to os command injection. The attack can be initiated remotely. The exploi...
CVE-2024-3346 Byzoro Smart S80 webmailattach.php os command injection
A vulnerability was found in Byzoro Smart S80 up to 20240328. It has been declared as critical. This vulnerability affects unknown code of the file /log/webmailattach.php. The manipulation of the argument mailfilepath leads to os command injection. The attack can be initiated remotely. The exploi...
Huawei EulerOS: Security Advisory for nghttp2 (EulerOS-SA-2023-3346)
The remote host is missing an update for the Huawei EulerOS...
SUSE: Security Advisory (SUSE-SU-2023:3346-1)
The remote host is missing an update for the...
CVE-2023-3346
creationtimestamp | type | source
---|---|---
2023-08-03 12:39:58+00:00 | seen | https://t.me/cibsecurity/67632...
CVE-2023-3346 Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is...
CVE-2023-3346
CVE-2023-3346 affects Mitsubishi Electric CNC Series. The vulnerability is a buffer copy without input size checking, enabling a remote unauthenticated attacker to cause denial of service and execute arbitrary code. Affected products include multiple CNC models (M800VW/M800VS/M80V/M80VW/M800W/M80...
CVE-2023-3346 Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is...
sportis.cz Cross Site Scripting vulnerability OBB-3346069
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...