
200 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 7 : spice-0.14.0-6.el7.1 (AXSA:2019-3720:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3720:03 advisory. spice: Off-by-one error in array access in spice/server/memslot.c CVE-2019-3813 Tenable has extracted the preceding description block directly from the...

CVSS 7.5, AI score 7, EPSS 0.01208
Exploits 0, References 2

Tenable Nessus
added 2026/01/14 12:0 a.m., 3 views

MiracleLinux 3 : expat-1.95.8-8.3AXS3.2 (AXSA:2009-431:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-431:01 advisory. This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers wi...

CVSS 5, AI score 6.9, EPSS 0.3038
Exploits 5, References 3

Tenable Nessus
added 2026/01/14 12:0 a.m., 2 views

MiracleLinux 3 : PyXML-0.8.4-4.AXS3.2 (AXSA:2010-22:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-22:01 advisory. An XML package for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces and an interface to t...

CVSS 5, AI score 6.7, EPSS 0.3038
Exploits 3, References 2

Tenable Nessus
added 2026/01/14 12:0 a.m., 5 views

MiracleLinux 3 : python-2.4.3-44.0.1.AXS3 (AXSA:2011-183:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-183:01 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules,...

CVSS 6.4, AI score 7.4, EPSS 0.3038
Exploits 4, References 5

Circl
added 2025/10/22 5:44 p.m., 5 views

CVE-2025-3720

creationtimestamp | type | source
---|---|---
2025-10-22 17:44:53+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m3sfjqnmlc2b...

AI score 5.8
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-0314

Malware in sbrugna...

CVSS 7.5, AI score 6.9, EPSS 0.17044
Exploits 0, References 87

Circl
added 2025/07/18 1:11 p.m., 3 views

CVE-2009-3720

creationtimestamp | type | source
---|---|---
2025-07-18 13:11:47+00:00 | seen | Telegram/e1o90iHJT-k2JGh5790ahxiLQIt4T9bVzKO5ZsUBjDuYtSU...

CVSS 5, AI score 4.8, EPSS 0.27924
Exploits 1

RedhatCVE
added 2025/05/23 2:15 a.m., 5 views

CVE-2023-3720

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfiltered_html capability on their behalf...

CVSS 6.5, AI score 6.8, EPSS 0.00261
Exploits 2, References 1

RedhatCVE
added 2025/05/22 8:4 p.m., 6 views

CVE-2021-3720

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro L79031 and Legion Phone2 Pro L70081 that could allow other applications to access device GPS data...

CVSS 5.5, AI score 6.5, EPSS 0.00212
Exploits 0, References 1

RedhatCVE
added 2025/05/22 3:55 a.m., 8 views

CVE-2012-3720

Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 saves password hashes for external-account use even if external accounts are not enabled, which might allow remote attackers to determine passwords via unspecified access to a mobile account...

CVSS 4.3, AI score 6.8, EPSS 0.01439
Exploits 0, References 1

RedhatCVE
added 2025/05/22 1:53 a.m., 4 views

CVE-2013-3720

Cross-site scripting XSS vulnerability in widgetremove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wppostid parameter...

CVSS 3.5, AI score 5.6, EPSS 0.01551
Exploits 1, References 1

IBM Security Bulletins
added 2025/04/15 2:49 a.m., 60 views

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9

Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...

CVSS 9.8, AI score 10, EPSS 0.43346
Exploits 11, Affected Software 1

Tenable Nessus
added 2025/03/06 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2009-3720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent...

CVSS 5, AI score 7, EPSS 0.27924
Exploits 1, References 3

Tenable Nessus
added 2024/01/25 12:0 a.m., 34 views

Debian dla-3720 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3720 advisory. Debian LTS Advisory DLA-3720-1...

CVSS 8.8, AI score 7.7, EPSS 0.02155
Exploits 0, References 20

OSV
added 2023/08/30 3:15 p.m., 2 views

CVE-2023-3720

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfiltered_html capability on their behalf...

CVSS 6.5, AI score 5.9, EPSS 0.00261
Exploits 2, References 1

NVD
added 2023/08/30 3:15 p.m., 20 views

CVE-2023-3720

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfiltered_html capability on their behalf...

CVSS 6.5, AI score 6.5, EPSS 0.00261
Exploits 2, References 1

Vulnrichment
added 2023/08/30 2:22 p.m., 6 views

CVE-2023-3720 Upload Media By URL < 1.0.8 - Stored XSS via CSRF

The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfiltered_html capability on their behalf...

AI score 6.5, EPSS 0.00261
Exploits 2, References 1

CVE
added 2023/08/30 2:22 p.m., 52 views

CVE-2023-3720

CVE-2023-3720 applies to the WordPress plugin Upload Media By URL, vulnerable before version 1.0.8 due to a missing CSRF check during file upload. The issue allows a logged-in attacker to cause admins to upload files (potentially HTML with JavaScript) on behalf of users with the unfiltered_html c...

CVSS 6.5, AI score 6.8, EPSS 0.00261
Exploits 2, References 1, Affected Software 1

Patchstack
added 2023/08/02 12:0 a.m., 8 views

WordPress Upload Media By URL Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Upload Media By URL; Type: Plugin; Vulnerable versions: <= 1.0.7; Fixed in: 1.0.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-3720; Patch priority: Low; CVSS severity: Low (4.3); PSID: 5ff81e594ed5; Credits: Dmitriy Cleantal...

CVSS 6.5, AI score 7, EPSS 0.00261
Exploits 2, References 3, Affected Software 1

SUSE CVE
added 2023/02/15 5:4 a.m., 4 views

SUSE CVE-2016-3720

XML external entity XXE vulnerability in XmlMapper in the Data format extension for Jackson aka jackson-dataformat-xml allows attackers to have unspecified impact via unknown vectors...

CVSS 9.8, AI score 8.2, EPSS 0.02671
Exploits 0, References 3