77 matches found
CVE-2026-3582
creationtimestamp | type | source
---|---|---
2026-03-30 16:14:07+00:00 | seen | https://bsky.app/profile/vitobotta.com/post/3mic2lxamjs2q...
CVE-2025-20717
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00419946; Issue ID: MSV-358...
CVE-2025-20717
The vulnerability CVE-2025-20717 affects the wlan AP driver (MediaTek) and stems from an incorrect bounds check that enables an out-of-bounds write. This can lead to local escalation of privilege for an attacker who already has System privileges, with no user interaction required. A patch is avai...
ECHO-EF69-3582-80D8
Bulletin has no description...
WordPress Newsletter plugin < 8.8.5 - Admin+ Stored XSS via Form vulnerability
Admin+ Stored XSS via Form vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Newsletter versions 8.8.5...
CVE-2025-3582
The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2025-3582
CVE-2025-3582 affects the Newsletter WordPress plugin prior to version 8.85. The issue arises from inadequate sanitisation/escaping of Form settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Public sources in the provid...
Oracle Linux 8 : firefox (ELSA-2025-3582)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-3582 advisory. 128.9.0-2.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 128.9.0 - Add debranding patches Mustafa Gezen - Add OpenELA default...
WordPress UnGallery Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UnGallery; Type: Plugin; Vulnerable versions: = 2.2.4; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3582; Patch priority: Low; CVSS severity: Low 7.1; PSID: a683aa770e00; Credits: Bob Matyas; Required privileg...
Rocky Linux 8 : .NET 6.0 (RLSA-2023:3582)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3582 advisory. - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability CVE-2023-24936 - .NET, .NET Framework, and Visual Studio Denial of Servic...
Oracle Linux 8 : samba (ELSA-2019-3582)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3582 advisory. - resolves: 1696525 - Fix CVE-2019-3880 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
Oracle Linux 7 : glibc (ELSA-2017-3582)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3582 advisory. 2.17-157.4 - Avoid large allocas in the dynamic linker 1452720 2.17-157.2 - Fix use of uninitialized data in getaddrinfo with nscd 1436312 2.17-157.1 - Do not s...
CVE-2023-3582
creationtimestamp | type | source
---|---|---
2023-07-17 20:40:33+00:00 | seen | https://t.me/cibsecurity/66850...
CVE-2023-3582
CVE-2023-3582 in Mattermost describes a failure to verify channel membership when linking a board to a channel. A low-privileged authenticated user can link a Board to a private channel they should not access, potentially exposing restricted content or altering channel-board associations. The ava...
CVE-2023-3582 Lack of channel membership check when linking a board to a channel
Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to,...
Oracle Linux 8 : .NET / 6.0 (ELSA-2023-3582)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3582 advisory. 6.0.118-1.0.1 - Add missing Oracle Linux Runtime IDs 6.0.118-1 - Update to .NET SDK 6.0.118 and Runtime 6.0.18 - Resolves: RHBZ2212378 6.0.117-2 - Upda...
RHEL 8 : .NET 6.0 (RHSA-2023:3582)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3582 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
CVE-2022-3582
A vulnerability has been found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument change password leads to cross-site request forgery. The attack can be launched...
CVE-2022-3582
CVE-2022-3582 affects SourceCodester Simple Cold Storage Management System 1.0. The vulnerability arises from manipulating the “change password” parameter, enabling cross-site request forgery (CSRF). Reportedly exploitable remotely; exploits have been disclosed (VDB-211189). Multiple feeds (NVD, ...