120 matches found
CVE-2026-3558
CVE-2026-3558 affects Philips Hue Bridge via HomeKit Accessory Protocol. The flaw lies in the service configuration listening on TCP port 8080, where authentication is not required, enabling network-adjacent attackers to bypass authentication and access sensitive functionality. Impact is high for...
CVE-2026-3558

creationtimestamp | type | source
---|---|---
2026-03-06 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-26-156/
2026-05-30 23:07:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mn464ncu3l26...

MiracleLinux 8 : kernel-4.18.0-372.9.1.el8 (AXSA:2022-3558:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3558:10 advisory.

- kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
- kernel: avoid cyclic entity chains due to malformed USB...

GHSA-3558-J79F-VVM6

creationtimestamp | type | source
---|---|---
2026-01-12 23:03:01+00:00 | published-proof-of-concept | Telegram/r1WVj1DWEYgy6-PsI-eM62JB77qRC4LeAFuyHTjHJQG2Eac...

EUVD-2016-4585
Malware in sbrugna...
CVE-2012-3558
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects...
CVE-2019-3558
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook...
CVE-2025-3558 ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload
A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. This affects an unknown part of the file /mall/user/uploadUserHeadImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has...
openSUSE: Security Advisory for qatlib (SUSE-SU-2024:3558-1)
The remote host is missing an update for the...
CVE-2024-3558 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_title]' parameter in versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Field Suite; Type: Plugin; Vulnerable versions: <= 2.6.7; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3558; Patch priority: Low; CVSS severity: Low (6.5); PSID: 16f6a09d2c8e; Credits: Jack Taylor; Required...
Debian dla-3558 : python-django - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3558 advisory. Debian LTS Advisory DLA-3558-1 https://www.debian.org/lts/security/...
Oracle Linux 6 : openssl (ELSA-2016-3558)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3558 advisory.

- fix CVE-2016-2105 - possible overflow in base64 encoding
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate
- fix CVE-2016-2107 - padding...

CVE-2023-3558
CVE-2023-3558 affects GZ Scripts Event Booking Calendar version 1.8, specifically the /load.php file. The vulnerability arises from manipulation of parameters (first_name, second_name, phone, address_1, country) leading to cross-site scripting. The issue is described as exploitable remotely in mu...
CVE-2022-3558

creationtimestamp | type | source
---|---|---
2022-11-07 12:34:10+00:00 | seen | https://t.me/cibsecurity/52581...

CVE-2022-3558
CVE-2022-3558 affects the WordPress plugin Import and export users and customers, prior to version 1.20.5. The vulnerability arises from improper escaping of data when exporting to CSV, which enables CSV injection. The issue is demonstrated by a PoC showing crafted data (e.g., nickname payload) e...
CVE-2022-3558 Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
ai.grakn.kgms:client (=1.4.3), ai.grakn:client-java (>=1.4.1 <=1.4.3) +768 more potentially affected by CVE-2014-3558 via org.hibernate:hibernate-validator (>=4.3.0.Alpha1 <=4.3.1.Final)
org.hibernate:hibernate-validator MAVEN version =4.3.0.Alpha1, =1.4.1, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =1.4.1, =0.13.0, =0.13.0, =0.14.0 and more Source cves: CVE-2014-3558 Source advisory: OSV:GHSA-845H-985R-JRQH...
ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), be.objectify:deadbolt-core_2.10 (>=2.2.0 <=2.4.3) +1203 more potentially affected by CVE-2014-3558 via org.hibernate:hibernate-validator (>=5.0.0.Alpha1 <=5.1.1.Final)
org.hibernate:hibernate-validator MAVEN version =5.0.0.Alpha1, =1.0.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.2.0, =2.4.0, =2.0.0, =4.0.0.Final, =4.3.0-beta-3 - br.com.caelum:vraptor-musicjungle =4.0.0-beta-1 - br.com.ingenieux.dropwizard:dropwizard-envvar =0.0.1 -...