14 matches found
CVE-2026-35284
...
CVE-2026-35284
CVE-2026-35284 has a CVSS v3.1 base score of 9.9 (CRITICAL). The vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating a network-accessible, low-privilege, no-user-interaction exploit with high impact to confidentiality, integrity, and availability. The description provides an Oracle...
MAL-2025-35284 Malicious code in test-mlw2-ergot-ictic (npm)
The package test-mlw2-ergot-ictic was found to contain malicious code...
CVE-2021-35284
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1...
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...
CVE-2021-35284
creationtimestamp | type | source
---|---|---
2022-11-23 20:13:53+00:00 | seen | https://t.me/cibsecurity/53440
2025-04-28 21:11:10+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13745

...
CVE-2021-35284
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1...
CVE-2021-35284
CVE-2021-35284 affects rizalafani cms-php v1, with a SQL Injection vulnerability in the get_user function (login_manager.php). The issue is described across multiple sources as SQL injection in the get_user routine, consistent with a high-severity CVSS3.1 impact (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A...
CVE-2021-35284
SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1...
CVE-2022-35284
creationtimestamp | type | source
---|---|---
2022-07-25 22:33:15+00:00 | seen | https://t.me/cibsecurity/46946

...
CVE-2022-35284
IBM Security Verify Information Queue (ISIQ) 10.0.2 is vulnerable to information disclosure due to a missing/insecure SameSite attribute on a sensitive cookie. The issue affects ISIQ 10.0.2 and is addressed by upgrading to ISIQ 10.0.3 or newer. The lack of SameSite disables CSRF protections for t...
Security Bulletin: Session cookie used by IBM Security Verify Information Queue is not properly secured (CVE-2022-35284)
Summary IBM Security Verify Information Queue ISIQ v10.0.2 does not set the SameSite attribute in the ISIQ session cookie. As a result, any CSRF protections offered by the attribute are disabled. ISIQ v10.0.3 is now correctly setting the SameSite attribute. CVE-2022-35284 Vulnerability Details...
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...
CVE-2020-35284
CVE-2020-35284 affects Flamingo (aka FlamingoIM). The vulnerability allows directory traversal (via ../) in file-transfer requests; the issue arises because the only ostensibly unpredictable part is an MD5 computation that runs on the client side, and the computation details can be inferred from ...