107 matches found
CVE-2026-3595
The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/deletecustomer without a permission_callback, causing...
MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2022-2938:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2938:01 advisory. QEMU: net: e1000e: use-after-free while sending packets (CVE-2020-15859); QEMU: slirp: invalid pointer initialization may lead to information disclosur...
Linux Distros Unpatched Vulnerability : CVE-2022-3595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of...
CVE-2019-3595
Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Administrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250416T165455 2025-04-16T16:54:55Z. jsc#PED-11136: GO-2025-3595. Update to version 0.0.20250410T162706 2025-04-10T16:27:06Z. jsc#PED-11136: GO-2025-3601 GO-2025-3602. Patch Instructions: To install this SUSE update...
Linux Distros Unpatched Vulnerability : CVE-2021-3595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input function and could occur whil...
CVE-2024-3595
CVE-2024-3595 affects the Pure Chat – Live Chat & More! WordPress plugin up to version 2.22. It is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameters due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (sub...
CVE-2024-3595 Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameters in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
WordPress Pure Chat Plugin <= 2.22 is vulnerable to Cross Site Scripting (XSS)
Software: Pure Chat; Type: Plugin; Vulnerable versions: <= 2.22; Fixed in: 2.23; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3595; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: ddb44562eab6; Credits: Lucio Sá; Required privileg...
BELL-CVE-2021-3595 CVE-2021-3595 does not affect BellSoft software
Bulletin has no description...
Rocky Linux 9 : python3.9 (RLSA-2023:3595)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3595 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank...
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of...
CVE-2023-3595
creation_timestamp | type | source
---|---|---
2023-07-12 16:15:45+00:00 | seen | https://t.me/cibsecurity/66547
2023-07-13 15:31:43+00:00 | seen | https://t.me/ctinow/123659
2023-07-13 17:35:56+00:00 | seen | https://t.me/truesecator/4612
2024-05-22 17:00:07+00:00 | seen | https://t.me/truesecator/5765...
CVE-2023-3595
Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modif...
CVE-2023-3595 Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modif...
CVE-2023-3595
CVE-2023-3595 affects Rockwell Automation 1756 EN2* and EN3* ControlLogix communication modules. The issue is an out-of-bounds write that could allow a remote attacker to execute arbitrary code with persistence via malicious CIP messages, risking modification, denial, and exfiltration of data and...
Rockwell Automation Select Communication Modules
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK,...
Oracle Linux 9 : python3.9 (ELSA-2023-3595)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3595 advisory. 3.9.16-1.1 - Security fix for CVE-2023-24329. Resolves: rhbz#2173917. Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 9 : python3.9 (RHSA-2023:3595)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3595 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Debian: Security Advisory (DLA-3362-1)
The remote host is missing an update for the Debian...