Lucene search
K

83 matches found

Circl
Circl
added 2026/03/02 4:8 a.m.14 views

CVE-2026-3404

creationtimestamp| type| source ---|---|--- 2026-03-02 04:08:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg2ey5iwcv2x...

8.1CVSS6AI score0.0035EPSS
Exploits1References1
CVE
CVE
added 2026/03/02 1:32 a.m.17 views

CVE-2026-3404

CVE-2026-3404 concerns thinkgem JeeSite (up to 5.15.1). The flaw exists in an unknown function within /com/jeesite/common/shiro/cas/CasOutHandler.java (Endpoint component). Executing a manipulation can trigger an XML External Entity (XXE) reference, with remote execution possible and exploitabili...

8.1CVSS5.3AI score0.0035EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 1:32 a.m.4 views

CVE-2026-3404

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of...

8.1CVSS5.2AI score0.0035EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/07/08 3:15 a.m.9 views

CVE-2025-20686

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404...

8.8CVSS0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 2:0 a.m.10 views

CVE-2025-20686

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404...

0.00296EPSS
Exploits0References1
NVD
NVD
added 2025/04/19 8:15 a.m.15 views

CVE-2025-3404

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...

8.8CVSS0.00861EPSS
Exploits0References3
Circl
Circl
added 2025/04/19 8:2 a.m.6 views

CVE-2025-3404

creationtimestamp| type| source ---|---|--- 2025-04-19 08:02:08+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12577 2025-04-19 08:39:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qctubwh2h 2025-04-19 09:02:35+00:00| seen|...

8.8CVSS7.3AI score0.00861EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/19 7:23 a.m.22 views

CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...

8.8CVSS0.00861EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/19 7:23 a.m.6 views

CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...

8.8CVSS8.9AI score0.00861EPSS
Exploits0References3
CVE
CVE
added 2025/04/19 7:23 a.m.82 views

CVE-2025-3404

CVE-2025-3404 : WordPress Download Manager plugin (versions up to 3.3.12) allows an Authenticated user with Author+ privileges to delete arbitrary server files due to insufficient file-path validation in savePackage. Reported impact includes potential remote code execution if critical files (e.g....

8.8CVSS8.9AI score0.00861EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/04/19 12:15 a.m.6 views

WordPress Download Manager plugin <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by WordFence in WordPress Plugin Download Manager versions = 3.3.12...

8.8CVSS8.4AI score0.00861EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2024/09/26 12:0 a.m.7 views

openSUSE Security Advisory (SUSE-SU-2024:3404-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.0048EPSS
Exploits0References4
NVD
NVD
added 2024/06/06 7:16 p.m.22 views

CVE-2024-3404

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...

6.5CVSS0.00503EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 6:45 p.m.8 views

CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...

6.5CVSS6.6AI score0.00503EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/06 6:45 p.m.26 views

CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...

6.5CVSS0.00503EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/01/24 8:23 p.m.1 views

Malicious code in wlwz-2312-3404 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f8bbe3f249214fdf996eb9ae2f7065c2edf5a159c512fe341be73b6d3e56e67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/01/24 8:23 p.m.5 views

MAL-2024-480 Malicious code in wlwz-2312-3404 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f8bbe3f249214fdf996eb9ae2f7065c2edf5a159c512fe341be73b6d3e56e67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/31 5:33 a.m.8 views

CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

4.9CVSS6.6AI score0.0056EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/05/17 12:0 a.m.46 views

Debian dla-3404 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3404 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3404-1 [email protected]...

8.8CVSS7.6AI score0.06346EPSS
Exploits8References76
OpenVAS
OpenVAS
added 2022/09/05 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2022-0316)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.0193EPSS
Exploits2References4
Rows per page
Query Builder