Exploit for Download of Code Without Integrity Check in Trueconf
🔍 CVE-2026-3502 Scanner - TrueConf Vulnerability Detection Too...
CVE-2026-3502
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity...
CVE-2026-3502
creationtimestamp | type | source
---|---|---
2026-03-30 19:18:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3micevjrc4m2d
2026-03-30 20:40:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3micjhllsy32t
2026-03-30 21:21:40+00:00 | seen | ...
EUVD-2026-3502
Malicious code in webmd-cookie npm...
GHSA-JFX9-29X2-RV3J pypdf can exhaust RAM via manipulated LZWDecode streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. Patches: This has been fixed in pypdf==6.1.3. Workarounds: If you cannot upgrade yet, consider applying the changes from P...
EUVD-2018-3502
Malware in sbrugna...
CVE-2023-3502
A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3502
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress WP Maps plugin < 4.7.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Maps versions 4.7.2...
CVE-2025-3502 WP Maps < 4.7.2 - Admin+ Stored XSS
The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2021-3502 affecting package avahi for versions less than 0.8-1
CVE-2021-3502 affecting package avahi for versions less than 0.8-1. A patched version of the package is available...
Malicious code in wlwz-2312-3502 (npm)
Source: ghsa-malware b6872f7e98bff79adc458b95a0f237c42666d1df3fac5d6fc03f8d87fb55058f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-487 Malicious code in wlwz-2312-3502 (npm)
Source: ghsa-malware b6872f7e98bff79adc458b95a0f237c42666d1df3fac5d6fc03f8d87fb55058f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
avahi security update
0.8-15 - Fix CVE-2023-1981 2186689 0.8-14 - Fix CVE-2021-3502 1949949 0.8-13 - Fix CVE-2021-3468 1944092...
Moderate: Red Hat Security Advisory: avahi security update
An update for avahi is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2023:6707 Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...
RHEL 9 : avahi (RHSA-2023:6707)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6707 advisory. Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates...
CVE-2023-3502 SourceCodester Shopping Website search-result.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Affected is an unknown function of the file search-result.php. The manipulation of the argument product leads to sql injection. It is possible to launch the attack remotely. The exploit has been...