88 matches found
D-Tale 3.10.0 - 3.15.1 - Authentication Bypass & Remote Code Execution
man-group/dtale 3.10.0 contains an authentication bypass and remote code execution caused by improper input validation and a hardcoded SECRET_KEY in the Flask configuration, letting attackers forge session cookies and execute arbitrary code. Exploitation requires the attacker to have access to the application. id:...
CVE-2026-3408
A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...
CVE-2026-3408
creationtimestamp| type| source
---|---|---
2026-03-02 04:30:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116157699085481276
2026-03-02 04:30:31+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mg2g7zs4jg2o
2026-03-02 07:54:46+00:00| seen|...
DEBIAN-CVE-2026-3408
A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available...
EUVD-2026-3408
The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rank_math_description' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2022-3408
The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2025-3408
A flaw was found in stb. This vulnerability allows remote attackers to cause an integer overflow via crafted input, potentially leading to further exploitation. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...
CVE-2025-3408
creationtimestamp| type| source
---|---|---
2025-04-08 05:17:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmbpwoesn52q
2025-04-08 07:01:28+00:00| seen| Telegram/GhCcQwP6QnMjxsfMJ8qz6Pxy9JaPQ-Bi2BXFCcmddlxOyKI
2025-04-08 08:08:01+00:00| seen| https://t.me/cvedetector/22384...
CVE-2025-3408
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery with rolling releases is used by this product...
Oracle Linux 9 : libreoffice (ELSA-2025-3408)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3408 advisory. 1:7.1.8.1-15.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Added the --with-hamcrest option to configure. 1:7.1.8.1-15 - Fix CVE-2025-1080 Filter o...
Linux Distros Unpatched Vulnerability : CVE-2015-3408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when...
D-Tale RCE
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-3408
creationtimestamp| type| source
---|---|---
2025-03-03 12:12:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dtalercecve20250655.rb
2025-03-04 02:34:30+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-03-04 21:02:04+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2010-3408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1823. Reason: This candidate is a duplicate of CVE-2010-1823. Notes: All CVE users shoul...
D-Tale Remote Code Execution
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-3408
man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded SECRET_KEY in the Flask configuration, allowing attackers to forge a session cookie if authentication is enabled...
RCE via Global State Override
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution (RCE). Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2023-3408
creationtimestamp| type| source
---|---|---
2024-08-17 14:01:30+00:00| seen| https://t.me/CveExploits/14...