107 matches found
CVE-2026-3561
CVE-2026-3561 affects Philips Hue Bridge hk_hap characteristics. A heap-based buffer overflow in the handling of PUT requests to the characteristics endpoint allows remote code execution. The flaw stems from insufficient validation of user-supplied data length before copying into a heap buffer, e...
CVE-2026-3561
creationtimestamp| type| source
---|---|---
2026-03-06 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-26-159/
2026-04-28 04:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mkjpiojf4u2y...
CVE-2023-3561
A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. It is possible to initiate...
CVE-2022-3561
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0...
CVE-2019-3561
Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below)...
CVE-2025-3561
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2025-3561
creationtimestamp| type| source
---|---|---
2025-04-14 10:53:00+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11595
2025-04-14 14:40:24+00:00| seen| https://t.me/cvedetector/22844...
CVE-2025-3561
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2025-3561 ghostxbh uzy-ssm-mall cross-site request forgery
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2025-3561
CVE-2025-3561 affects ghostxbh uzy-ssm-mall 1.0.0. The vulnerability is CSRF due to an unknown vulnerable function, potentially exploitable remotely. Exploit appears publicly disclosed. Connected sources align on the product/version and impact; no official patch/version fix is documented here. PT...
CVE-2025-3561 ghostxbh uzy-ssm-mall cross-site request forgery
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2024-3561
The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
openSUSE Security Advisory (SUSE-SU-2024:3561-1)
The remote host is missing an update for the...
CVE-2024-3561 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) SQL Injection via Term Custom Field
The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to SQL Injection
Software: Custom Field Suite; Type: Plugin; Vulnerable versions: <= 2.6.7; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3561; Patch priority: Low; CVSS severity: Low 8.5; PSID: 5e99e2eccc53; Credits: Jack Taylor; Required privilege: Contributor...
SUSE: Security Advisory (SUSE-SU-2023:3561-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : skopeo (SUSE-SU-2023:3561-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3561-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2023-3561
creationtimestamp| type| source
---|---|---
2023-07-10 20:30:03+00:00| seen| https://t.me/cibsecurity/66276...
CVE-2023-3561
The CVE-2023-3561 entry concerns GZ Scripts PHP GZ Hotel Booking Script 1.8. Affected component: /load.php. Root cause: lack of proper input handling for parameters first_name/second_name/phone/address_1/country leads to cross-site scripting. Impact: allows remote initiation of the attack; detail...
RHEL 8 : firefox (RHSA-2023:3561)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3561 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...