MAL-2025-36739 Malicious code in testphp (npm)

The package testphp was found to contain malicious code...

Microsoft 3D Viewer < 7.2306.12012.0 Multiple Vulnerabilities (May 2025) - Windows

Microsoft 3D Viewer is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:3dviewer";...

CVE-2020-36739

The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the myftsfbloadmore function. This makes it possible for unauthenticated...

CVE-2023-36739

creationtimestamp| type| source ---|---|--- 2023-09-12 20:23:02+00:00| seen| https://t.me/cibsecurity/70295...

CVE-2023-36739

3D Viewer Remote Code Execution Vulnerability...

CVE-2023-36739

Summary: The CVE-2023-36739 is associated with Microsoft 3D Viewer vulnerabilities. The Nessus/NASL data identifies the affected product as Microsoft 3D Viewer on Windows, version prior to 7.2307.27042.0, vulnerable to multiple remote code execution issues (CVE-2023-36739, CVE-2023-36740, CVE-202...

CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability

...

KLA60570 Multiple vulnerabilities in Microsoft Apps

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in 3D Builder can be exploited remotely to execute arbitrary code. 2. A remote...

CVE-2020-36739

creationtimestamp| type| source ---|---|--- 2023-07-01 07:15:37+00:00| seen| https://t.me/cibsecurity/65835...

CVE-2020-36739

The CVE concerns the WordPress plugin Feed Them Social – Page, Post, Video, and Photo Galleries, affected up to version 2.8.6. The root cause is missing or incorrect nonce validation in the my_fts_fb_load_more() function, enabling Cross-Site Request Forgery that allows unauthenticated attackers t...

CVE-2021-36739

creationtimestamp| type| source ---|---|--- 2022-01-06 12:40:54+00:00| seen| https://t.me/cibsecurity/35029...

CVE-2021-36739

CVE-2021-36739 affects Apache Pluto 3.1.0 MVCBean JSP portlet Maven archetype. The firstName and lastName fields are vulnerable to Cross-Site Scripting (XSS) due to insufficient escaping/validation in user input, allowing injected JavaScript to be executed on the client. Multiple sources corrobor...

CVE-2021-36739 XSS vulnerability in the MVCBean JSP portlet maven archetype

The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...