CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

CVE-2026-3598

creationtimestamp| type| source ---|---|--- 2026-03-05 17:55:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgdemcjwxl2z...

CVE-2026-3598 RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Instead of Encryption

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

MINI-3598-5H9J-2PJR

Bulletin has no description...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.101-3.b13.AXS4 (AXSA:2016-570:06)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-570:06 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-3458 RESERVED This candidate has been reserved by an organization ...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.101-3.b13.el7 (AXSA:2016-571:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-571:05 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-3458 RESERVED This candidate has been reserved by an organization ...

CVE-2022-3598

creationtimestamp| type| source ---|---|--- 2025-11-05 10:52:02+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m4uuyh5jrc27...

CVE-2016-3598 vulnerabilities

Vulnerabilities for packages: openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9...

CVE-2007-3598

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...

CVE-2025-3598

creationtimestamp| type| source ---|---|--- 2025-04-18 05:58:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12391...

CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter

The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commissionsummary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter

The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commissionsummary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-3598

CVE-2025-3598 concerns the Coupon Affiliates – Affiliate Plugin for WooCommerce for WordPress. It is a reflected Cross-Site Scripting vulnerability exploitable via the commission_summary parameter in all versions up to and including 6.3.0, caused by insufficient input sanitization and output esca...

WordPress Coupon Affiliates plugin <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter vulnerability

Reflected Cross-Site Scripting via 'commissionsummary' Parameter vulnerability discovered by wesley wcraft in WordPress Plugin Coupon Affiliates versions = 6.3.0...

Linux Distros Unpatched Vulnerability : CVE-2022-3598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a...

Linux Distros Unpatched Vulnerability : CVE-2021-3598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an applicatio...

Important: libtiff

Issue Overview: Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

Advisory ROSA-SA-2023-2248

software: openexr 2.5.8 OS: ROSA-CHROME packageevrstring: openexr-2.5.8-1.src.rpm CVE-ID: CVE-2021-3477 BDU-ID: 2021-01977 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...

Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2023-364)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-364 advisory. LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that...