23 matches found
Security Bulletin: MongoDB Enterprise Advanced affected by: Exposure of Resource to Wrong Sphere and NULL Pointer Dereference (CVE-2026-34765, CVE-2026-34781)
Summary: There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-34765, CVE-2026-34781. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-34765 DESCRIPTION: Electron is a framework for writing...
Linux Distros Unpatched Vulnerability : CVE-2026-34765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, whe...
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +2535 more potentially affected by CVE-2026-34765 via electron (>=0.1.2 <=39.8.10)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =3.0.5, =3.0.7 and more Source cves: CVE-2026-34765 Source advisory: OSV:GHSA-F3PV-WV63-48X8...
MAL-2025-34765 Malicious code in test-auth-tr (npm)
The package test-auth-tr was found to contain malicious code...
CVE-2024-34765
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS. This issue affects Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1...
CVE-2024-34765 WordPress Sensei Pro (WC Paid Courses) plugin <= 4.23.1.1.23.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sensei Sensei Pro (WC Paid Courses) allows Stored XSS. This issue affects Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1...
WordPress Sensei Pro (WC Paid Courses) Plugin <= 4.23.1.1.23.1 is vulnerable to Cross Site Scripting (XSS)
Software: Sensei Pro WC Paid Courses; Type: Plugin; Vulnerable versions: = 4.23.1.1.23.1; Fixed in: 4.24.0.1.24.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting XSS; CVE: CVE-2024-34765; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: ffa624f39abc; Credits: Rafie...
Schneider Electric Modicon Exposure of Resource to Wrong Sphere (CVE-2022-34765)
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...
CVE-2022-34765
creationtimestamp | type | source
---|---|---
2022-07-14 00:40:12+00:00 | seen | https://t.me/cibsecurity/46213...
CVE-2022-34765
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...
CVE-2022-34765
CVE-2022-34765 is a CWE-73 vulnerability (External Control of File Name or Path) affecting Schneider Electric X80 advanced RTU Communication Module BMENOR2200H (V2.01 and later) and OPC UA Modicon Communication Module BMENUA0100 (V1.10 and prior). The issue arises when user-controlled data can in...
CVE-2021-34765
creationtimestamp | type | source
---|---|---
2021-09-02 07:35:47+00:00 | seen | https://t.me/cibsecurity/28205...
CVE-2021-34765 Cisco Nexus Insights Authenticated Information Disclosure Vulnerability
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not...
CVE-2021-34765
Cisco Nexus Insights suffers an authenticated information-disclosure vulnerability in its web UI where RBAC filters are not applied to file download actions. An attacker with valid device credentials can log in and access the directory listing to download restricted files, exposing sensitive info...
Xen Denial of Service Vulnerability (CNVD-2019-34765)
Xen is an open source virtual machine monitor product. Xen has a denial of service vulnerability that can be exploited by attackers to cause a denial of service (infinite loop)...
Qmail SMTP Bash Environment Variable Injection (Shellshock)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Qmail SMTP Bash Environment Variable Injection Shellshock', 'Description' = %q This module exploits a shellshock vulnerability on Qmail, a public...
Advantech Switch - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Advantech Switch Bash Environment Variable Code Injection Shellshock', 'Description' = %q This module exploits the Shellshock...
Advantech Switch Bash Environment Variable Code Injection Exploit
This Metasploit module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This Metasploit module was tested against firmwa...
Advantech Switch Bash Environment Variable Code Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Advantech Switch Bash Environment Variable Code Injection Shellshock', 'Description' = %q This module exploits the Shellshock...
DHCP Client Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment...