117 matches found
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
A privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions <= 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...
Security Bulletin: Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
Summary An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any...
CVE-2026-3605
creationtimestamp| type| source
---|---|---
2026-04-17 05:15:31+00:00| seen| Telegram/ZsD0WH1x-fGDClxVyGq1OwOyswCrVsbtDHfPHjSJRDr2T4Y
2026-04-17 06:15:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjobjwdjez22
2026-04-17 13:00:37+00:00| seen|...
CVE-2010-3605
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Exploit for CVE-2025-3605
🚀 CVE-2025-3605 Exploit Guide 🛡️ Vulnerability Summary Th...
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/
Date: 2025-05-12
Exploit Author: Md Shoriful Islam RootHarpy
Vendor Homepage:...
WordPress Frontend Login and Registration Blocks plugin <= 1.1.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Frontend Login and Registration Blocks versions <= 1.1.1...
Linux Distros Unpatched Vulnerability : CVE-2021-3605
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked wi...
Linux Distros Unpatched Vulnerability : CVE-2011-3605
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The processrs function in the router advertisement daemon radvd before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service...
CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2024-3605
creationtimestamp| type| source
---|---|---
2025-01-14 12:49:54+00:00| seen| https://infosec.exchange/users/randomrobbie/statuses/113826790893332300
2025-01-20 21:02:14+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lg7ad6vcjx22
2026-02-12 21:03:27+00:00| seen|...
CBL Mariner 2.0 Security Update: libdb (CVE-2017-3605)
The version of libdb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-3605 advisory. - Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Pri...
CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
WordPress WP Hotel Booking Plugin <= 2.1.0 is vulnerable to SQL Injection
Software: WP Hotel Booking
Type: Plugin
Vulnerable versions: <= 2.1.0
Fixed in: 2.1.1
OWASP Top 10: A1: Injection
Classification: SQL Injection
CVE: CVE-2024-3605
Patch priority: High
CVSS severity: High (9.3)
PSID: 4c5ededd8a8e
Credits: Krzysztof Zając
Required privilege...
CVE-2017-3605 affecting package libdb for versions less than 5.3.28-7
CVE-2017-3605 affecting package libdb for versions less than 5.3.28-7. A patched version of the package is available...
MAL-2024-499 Malicious code in wlwz-2312-3605 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c8e20d7791f6d48303630a98a99136a6291477da487e84b0fa772d70d69f762 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-3605 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c8e20d7791f6d48303630a98a99136a6291477da487e84b0fa772d70d69f762 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Advisory ROSA-SA-2023-2248
software: openexr 2.5.8
OS: ROSA-CHROME
packageevrstring: openexr-2.5.8-1.src.rpm
CVE-ID: CVE-2021-3477
BDU-ID: 2021-01977
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the DeepTiledInputFile::initialize function src/lib/OpenEXR/ImfDeepTiledInputFile.cpp of the OpenEXR library is related to...
GHSA-3HG2-R75X-G69M Vyper has incorrect re-entrancy lock when key is empty string
Impact: Locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime.

```vyper
@nonreentrant("")  # unprotected
@external
def bar():
    pass

@nonreentrant("lock")  # protected
@external
def foo():
    pass
```

Patches: Patched in 3605

Workarounds: The lock name should be a non-empty string...