@squawk/airports (>=0.2.0 <=0.6.1), @squawk/airspace (>=0.2.3 <=0.8.0) +7 more potentially affected by unknown CVE via @squawk/units (=0.4.2)

@squawk/units NPM version =0.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/units and may be impacted: - @squawk/airports =0.2.0, =0.2.3, =0.2.0, =0.1.0, =0.2.0, =0.3.0, =0.2.0, =0.2.0, =0.2.0, =0.4.1 Source cves: unknown CVE Source...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution (CVE-2026-3455)

Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module mailparsr CVE-2026-3455 Vulnerability Details...

@8base/api-cli (>=0.0.1 <=0.1.0), @abhishekdeb/ezmailer (>=0.0.1 <=0.0.2) +576 more potentially affected by CVE-2026-3455 via mailparser (>=0.2.30 <=3.9.1)

mailparser NPM version =0.2.30, =0.0.1, =0.0.1, =0.6.0, =0.0.1, =0.0.1, =1.2.1, =0.16.9, =1.0.0, =0.5.0, =2.5.0-beta.0, =2.5.0-beta.7 and more Source cves: CVE-2026-3455 Source advisory: OSV:GHSA-7GMJ-H9XC-MCXC...

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

@activeboxes/piece-gmail (=0.8.1), @activeboxes/piece-imap (=0.2.10) +78 more potentially affected by CVE-2026-3455 via mailparser (>=3.0.0 <=3.9.1)

mailparser NPM version =3.0.0, =0.6.0, =0.0.1, =0.0.1, =1.0.0, =0.5.0, =1.0.64-alpha, =1.0.21-alpha, =4.0.1-alpha, =6.1.180-alpha and more Source cves: CVE-2026-3455 Source advisory: SNYK:JS-MAILPARSER-15204032...

EUVD-2026-3455

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

MINI-RV8Q-3455-32H9

Bulletin has no description...

EUVD-2009-3455

Malware in sbrugna...

CVE-2024-3455

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addpostlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can b...

CVE-2023-3455

Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity...

CVE-2009-3455

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

CVE-2025-3455

creationtimestamp| type| source ---|---|--- 2025-05-09 08:31:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lopz7zexfn2l 2025-05-09 10:21:51+00:00| seen| https://t.me/cvedetector/24924 2025-05-09 16:24:56+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15759 2026-04-08...

CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...

CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...

WordPress 1 Click WordPress Migration Plugin plugin <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Kate Kligman Sunsword in WordPress Plugin 1 Click WordPress Migration versions = 2.2...

CVE-2024-3455 Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addpostlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can b...

openSUSE: Security Advisory for nodejs12 (SUSE-SU-2023:3455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2011-3455

creationtimestamp| type| source ---|---|--- 2023-09-14 22:24:42+00:00| seen| https://t.me/cibsecurity/70460...