66 matches found
MINI-3684-H856-6X3X
Bulletin has no description...
@gusmano/reext (=0.0.379) potentially affected by unknown CVE via @gusmano/reext (=0.0.378)
@gusmano/reext NPM version =0.0.378 is affected by a known vulnerability. The following packages have a transitive dependency on @gusmano/reext and may be impacted: - @gusmano/reext =0.0.379 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3684...
CVE-2023-3684
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...
CVE-2020-3684
QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
SUSE-SU-2025:01653-1 Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: - Update to version 0.0.20250515T200012 2025-05-15T20:00:12Z jscPED-11136 GO-2025-3657 GO-2025-3670 GO-2025-3671 GO-2025-3672 GO-2025-3678 GO-2025-3679 GO-2025-3680 GO-2025-3682 GO-2025-3683 GO-2025-3684 GO-2025-3686 GO-2025-3687...
CVE-2011-3684
Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to...
CVE-2008-3684
Heap-based buffer overflow in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606...
CVE-2025-3684
creationtimestamp | type | source
---|---|---
2025-04-16 11:57:01+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12019
2025-04-16 13:31:15+00:00 | seen | https://t.me/cvedetector/23066

...
CVE-2025-3684 Xianqi Kindergarten Management System Child Management stu_list.php sql injection
A vulnerability was found in Xianqi Kindergarten Management System 2.0 Build 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may b...
CVE-2025-3684
The CVE-2025-3684 entry concerns Xianqi Kindergarten Management System version 2.0 Build 20190808. Affected component: Child Management, file stu_list.php. Root cause: manipulation of the argument sex leads to SQL injection, enabling remote exploitation. Multiple connected documents confirm the v...
CGA-3684-5P58-CC97
Bulletin has no description...
CVE-2024-3684
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...
CVE-2024-3684 Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console
A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability...
CVE-2024-3684
CVE-2024-3684 describes a server-side request forgery in GitHub Enterprise Server that, when an attacker has an editor role in the Management Console, could grant admin access to the appliance during configuration of Artifacts & Logs and Migrations Storage. The vulnerability required access to th...
CVE-2023-3684 LivelyWorks Articart Base64 Encoding de_DE redirect
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...
CVE-2023-3684
CVE-2023-3684 affects LivelyWorks Articart 2.0.1, specifically the Base64 Encoding Handler’s file at /change-language/de_DE. The vulnerability arises from manipulating the redirectTo argument, causing an open redirect that could be exploited remotely. Several sources corroborate this issue, with ...
Hitachi Energy MicroSCADA System Data Manager SDM600
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA System Data Manager SDM600 Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Improper Authorization, Improper Resource Shutdown or Release, Improper...
CVE-2022-3684
creationtimestamp | type | source
---|---|---
2023-03-28 16:44:40+00:00 | seen | https://t.me/cibsecurity/60887

...
CVE-2022-3684 SDM600 endpoint vulnerability
A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 Build Nr. 1.2.23000.291...