Pypdf: Manipulated XMP Metadata Entity Declarations Can Exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in "pypdf==6.10.0" https://github.com/py-pdf/pypdf/releases/tag/6.10.0. Workarounds If you cannot upgrade yet, consider applying th...

CVE-2026-3724

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patientid causes improper authorization. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-3724

creationtimestamp| type| source ---|---|--- 2026-03-08 08:16:18+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3724...

Linux Distros Unpatched Vulnerability : CVE-2023-3724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffe...

CVE-2011-3724

CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files...

CVE-2025-3724

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVE-2025-3724

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVE-2025-3724

creationtimestamp| type| source ---|---|--- 2025-04-16 19:56:29+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12144 2025-04-17 00:26:02+00:00| seen| https://t.me/cvedetector/23184...

CVE-2025-3724 PCMan FTP Server DIR Command buffer overflow

A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component DIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

PT-2025-3724 · Usbxpress · Usbxpress

Name of the Vulnerable Software and Affected Versions: USBXpress Win 98SE Dev Kit affected versions not specified Description: The issue is caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer, leading to DLL hijacking vulnerabilities. This can result in privilege...

CBL Mariner 2.0 Security Update: mariadb (CVE-2023-3724)

The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3724 advisory. - If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connectin...

CVE-2024-3724 Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied...

RHEL 6 / 7 : rh-php70-php (RHSA-2019:3724)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3724 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in envpathinfo in fpmmain.c...

CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2

CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2. A patched version of the package is available...

AZL-27649 CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

CVE-2023-3724

This CVE (CVE-2023-3724) describes a TLS 1.3 client-side issue where, if a server is malicious and the client sends neither a PSK nor a KSE, a default, potentially known, IKM buffer is used to generate the session master secret. The root cause is a mishandled IKM when PSK/KSE are absent, which ca...

CVE-2023-3724

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value when generating the session master secret. Using a potentially known IKM value when...

SUSE CVE-2016-3724

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration...