147 matches found
CVE-2026-3412
A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-3412
creationtimestamp| type| source
---|---|---
2026-03-02 06:00:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116158053031386067
2026-03-02 06:00:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mg2lay57qp2n
2026-03-02 08:14:45+00:00| seen|...
CVE-2026-3412
The CVE-2026-3412 entry concerns itsourcecode University Management System 1.0. The vulnerability is in /att_single_view.php where manipulating the dt parameter yields cross-site scripting (XSS). It is exploitable remotely, with the exploit publicly available, and CVSS data indicates a MEDIUM imp...
EUVD-2026-3412
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the deleteexistinguserphoto function in all versions up to, and including, 3.9.4. This makes it possible for authenticated attackers, wi...
MiracleLinux 4 : kernel-2.6.32-279.14.1.el6 (AXSA:2012-1018:09)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-1018:09 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operatin...
CVE-2025-3412
A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side reque...
CVE-2025-3412
creationtimestamp| type| source
---|---|---
2025-04-08 05:47:25+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10850
2025-04-08 09:48:28+00:00| seen| https://t.me/cvedetector/22395...
CVE-2025-3412 mymagicpower AIAS InferController.java server-side request forgery
A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side reque...
CVE-2025-3412
CVE-2025-3412 affects mymagicpower AIAS 20250308; the vulnerability lies in an unknown function within 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. Manipulating the url argument triggers server-side request forgery (SSRF) and can be exploited...
CVE-2025-3412 mymagicpower AIAS InferController.java server-side request forgery
A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side reque...
Linux Distros Unpatched Vulnerability : CVE-2015-3412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read...
CVE-2024-3412
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstgprocessing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, wi...
CVE-2024-3412 WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstgprocessing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, wi...
CVE-2024-3412 WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstgprocessing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, wi...
WordPress WP STAGING – Backup Duplicator & Migration Plugin <= 3.4.3 is vulnerable to Arbitrary File Upload
Software: WP STAGING – Backup Duplicator & Migration
Type: Plugin
Vulnerable versions: <= 3.4.3
Fixed in: 3.5.0
OWASP Top 10: A1: Injection
Classification: Arbitrary File Upload
CVE: CVE-2024-3412
Patch priority: Low
CVSS severity: Low 7.2
PSID: af3b452b0d24
Credits: haidv35
Require...
CVE-2023-3412
The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajaxstoresave function. This makes it possible for authenticated...
CVE-2023-3412 Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting
The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajaxstoresave function. This makes it possible for authenticated...
CVE-2023-3412 Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting
The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajaxstoresave function. This makes it possible for authenticated...
WordPress Image Map Pro Plugin <= 1.0.0 is vulnerable to Broken Access Control
Software: Image Map Pro
Type: Plugin
Vulnerable versions: <= 1.0.0
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2023-3412
Patch priority: High
CVSS severity: High 6.4
PSID: 0df94792877f
Credits: Unknown
Required privilege...
Debian: Security Advisory (DLA-307-1)
The remote host is missing an update for the Debian...