83 matches found
CVE-2026-3404
creationtimestamp| type| source ---|---|--- 2026-03-02 04:08:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg2ey5iwcv2x...
CVE-2026-3404
CVE-2026-3404 concerns thinkgem JeeSite (up to 5.15.1). The flaw exists in an unknown function within /com/jeesite/common/shiro/cas/CasOutHandler.java (Endpoint component). Executing a manipulation can trigger an XML External Entity (XXE) reference, with remote execution possible and exploitabili...
CVE-2026-3404
A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed from remote. Attacks of...
CVE-2025-20686
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404...
CVE-2025-20686
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404...
CVE-2025-3404
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...
CVE-2025-3404
creationtimestamp| type| source ---|---|--- 2025-04-19 08:02:08+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12577 2025-04-19 08:39:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ln5qctubwh2h 2025-04-19 09:02:35+00:00| seen|...
CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...
CVE-2025-3404 Download Manager <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete...
CVE-2025-3404
CVE-2025-3404 : WordPress Download Manager plugin (versions up to 3.3.12) allows an Authenticated user with Author+ privileges to delete arbitrary server files due to insufficient file-path validation in savePackage. Reported impact includes potential remote code execution if critical files (e.g....
WordPress Download Manager plugin <= 3.3.12 - Authenticated (Author+) Arbitrary File Deletion vulnerability
Authenticated Author+ Arbitrary File Deletion vulnerability discovered by WordFence in WordPress Plugin Download Manager versions = 3.3.12...
openSUSE Security Advisory (SUSE-SU-2024:3404-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-3404
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...
CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...
CVE-2024-3404 Improper Access Control in gaizhenbiao/chuanhuchatgpt
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to...
Malicious code in wlwz-2312-3404 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f8bbe3f249214fdf996eb9ae2f7065c2edf5a159c512fe341be73b6d3e56e67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-480 Malicious code in wlwz-2312-3404 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f8bbe3f249214fdf996eb9ae2f7065c2edf5a159c512fe341be73b6d3e56e67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...
Debian dla-3404 : linux-config-5.10 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3404 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3404-1 [email protected]...
Mageia: Security Advisory (MGASA-2022-0316)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...