123 matches found
@alivault/pico (>=0.1.0 <=0.1.2), @argus-vrt/web (=0.1.0) +29 more potentially affected by unknown CVE via @tanstack/router-ssr-query-core (>=1.121.0-alpha.28 <=1.168.0)
@tanstack/router-ssr-query-core NPM version =1.121.0-alpha.28, =0.1.0, =0.0.4, =1.0.0, =0.1.0, =1.121.0-alpha.28, =1.133.19, =1.140.0, =0.2.4, =0.0.1, =0.1.0-alpha.1, =0.1.0-alpha.2 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3478...
CVE-2026-3478
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-21 04:30:28+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116265282936495501 |
| 2026-03-21 04:30:30+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mhk73in3dg2u |
| 2026-03-31 19:56:04+00:00 | seen | ... |
CVE-2026-3478
The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the redux_p AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wp_ajax_nopriv_redux_p that is accessible to...
EUVD-2026-3478
Not used...
Linux Distros Unpatched Vulnerability : CVE-2022-3478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions...
CVE-2025-3478
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-26 00:08:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxb7x5ju5a27 |

...
CVE-2025-20690
In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418038; Issue ID: MSV-3478...
Linux Distros Unpatched Vulnerability : CVE-2021-3478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEX...
Linux Distros Unpatched Vulnerability : CVE-2014-3478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14,...
CVE-2024-3478 Herd Effects < 5.2.7 - Effect Deletion via CSRF
The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks...
WordPress Herd Effects Plugin < 5.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Herd Effects; Type: Plugin; Vulnerable versions: 5.2.7; Fixed in: 5.2.7; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3478; Patch priority: Low; CVSS severity: Low (5.4); PSID: fdd1c4816ada; Credits: Bob Matyas; Required...
Advisory ROSA-SA-2023-2248
software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
CVE-2023-3478
| creationtimestamp | type | source |
|---|---|---|
| 2023-06-30 16:15:09+00:00 | seen | https://t.me/cibsecurity/65790 |

...
CVE-2023-3478
CVE-2023-3478 affects IBOS OA 4.5.5. The Add User Handler component exposes the function actionEdit at ?r=dashboard/roleadmin/edit&op=member, where manipulating the id parameter leads to SQL injection. The vulnerability can be exploited remotely and the exploit...
CVE-2023-3478 IBOS OA Add User edit&op=member actionEdit sql injection
A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched...
CVE-2022-3478
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package...
CVE-2022-3478
GitLab CVE-2022-3478 affects 12.8–15.4.6, 15.5–15.5.5, and 15.6–15.6.1. The issue allows a Denial of Service by uploading a malicious NuGet package. The CVE is documented across multiple sources (NVD, OSV, etc.). According to provided remediation guidance, vulnerable versions should be upgraded t...
GitLab 12.8 < 15.4.6 / 15.5 < 15.5.5 / 15.6 < 15.6.1 (CVE-2022-3478)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was...
[SECURITY] [DLA 3236-1] openexr security update
Debian LTS Advisory DLA-3236-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 12, 2022 https://wiki.debian.org/LTS Package : openexr Version : 2.2.1-4.1+deb10u2 CVE ID : CVE-2020-16587 CVE-2020-16588 CVE-2020-16589 CVE-2021-3474 CVE-2021-3475 CVE-2021-34...