55 matches found
WordPress Kali Forms <= 2.4.9 - Remote Code Execution
Kali Forms WordPress plugin <= 2.4.9 contains a remote code execution vulnerability caused by unsafe user input handling in the 'formprocess' and 'preparepostdata' functions, letting unauthenticated attackers execute code on the server. The exploit requires no authentication. id: CVE-2026-3584 info: name: WordPress Kal...
ECHO-C325-3584-2F66
Bulletin has no description...
MINI-6637-3584-MGMF
Bulletin has no description...
MINI-25H5-3584-HVJM
Bulletin has no description...
CVE-2026-3584
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-20 22:17:39+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjkasbyac2n |
| 2026-03-20 22:18:14+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhjkbts2sw26 |
| 2026-03-21 02:25:48+00:00 | seen | ... |
CVE-2025-3584
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-03 08:56:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqowbr3g4e2r... |
CVE-2025-3584
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2025-3584
The CVE-2025-3584 entry concerns the WordPress Newsletter plugin, affected in versions prior to 8.8.2. The vulnerability arises from insufficient sanitization/escaping of Subscription settings, allowing Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html ...
CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-3584
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...
CVE-2024-3584
| creationtimestamp | type | source |
|---|---|---|
| 2024-06-04 15:42:49+00:00 | published-proof-of-concept | https://t.me/HackingInsights/1526... |
CVE-2023-3584
| creationtimestamp | type | source |
|---|---|---|
| 2023-07-17 20:40:30+00:00 | seen | https://t.me/cibsecurity/66847... |
CVE-2023-3584
Mattermost CVE-2023-3584 affects the POST /api/v4/teams endpoint. The root cause is improper authorization checks when a team override scheme ID is supplied, enabling an authenticated attacker who knows a valid Team Override Scheme ID to create a new team using that scheme. Documents consistently...
CVE-2023-3584 Member can create team with team override scheme
Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme...
Oracle Linux 8 : c-ares (ELSA-2023-3584)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3584 advisory. 1.13.0-6.1 - Resolves: rhbz2209516 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service rhel-8.8.0.z Tenable has extracted the preceding description...
SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3584-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3584-1 advisory. - In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to...
CVE-2022-3584
The CVE-2022-3584 issue affects SourceCodester Canteen Management System 1.0. Multiple connected sources confirm a vulnerability in the edituser.php handler where manipulating the id parameter yields SQL injection. Exploitation is described as remote and publicly disclosed; records assign VDB-211...
Moderate: Red Hat Security Advisory: Satellite 6.11 Release
An update is now available for Red Hat Satellite 6.11 Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buff...
com.argusoft:medplat_core (>=0.0.1 <=0.0.3), com.argusoft:medplat_lms (=0.0.1) +63 more potentially affected by CVE-2014-3584 via org.apache.cxf:cxf-rt-frontend-jaxrs (=3.0.0)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-rt-frontend-jaxrs and may be impacted: - com.argusoft:medplat_core =0.0.1, =0.1.0, =0.1.0, =0.0.6, =0.0.6, =0.0.6, =0.0.6, =0.0....