77 matches found
MINI-GM3V-3742-WFR6
Bulletin has no description...
CVE-2026-3742
A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/DsinglePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and ma...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003742)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003742 advisory. Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more th...
Linux Distros Unpatched Vulnerability : CVE-2012-3742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows...
Linux Distros Unpatched Vulnerability : CVE-2016-3742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decoder/ih264dprocessintramb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or...
CVE-2020-3742
Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2013-3742
Cross-site scripting XSS vulnerability in viewcreate.php aka the Create View page in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message...
CVE-2011-3742
HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files...
WordPress Responsive Lightbox & Gallery plugin < 2.5.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Responsive Lightbox versions 2.5.1...
CVE-2025-3742
The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-3742
CVE-2025-3742 affects the WordPress plugin “Responsive Lightbox & Gallery” (pre-2.5.1). The root cause is unvalidated/escaped attributes being output in pages/posts, enabling Stored Cross-Site Scripting for users with the contributor role and above. Impact is stored XSS in affected content, with ...
CVE-2025-3742 Responsive Lightbox & Gallery < 2.5.1 - Contributor+ Stored XSS
The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-3742 Responsive Lightbox & Gallery < 2.5.1 - Contributor+ Stored XSS
The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2021-3742
creationtimestamp| type| source ---|---|--- 2024-11-15 10:54:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113486597712148555 2024-11-15 13:15:51+00:00| seen| https://t.me/cvedetector/11073 2026-07-03 18:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpr6v46ffi23...
CVE-2021-3742 Server-Side Request Forgery (SSRF) in chatwoot/chatwoot
A Server-Side Request Forgery SSRF vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigg...
CVE-2021-3742
Chatwoot/chatwoot before 2.5.0 is affected by a Server-Side Request Forgery (SSRF) via SVG file uploads used as avatars; opening the SVG can trigger SSRF and host redirection. Root cause: SVG handling allows SSRF payloads in uploaded avatars. Impact: host redirection. Remediation: upgrade to 2.5....
SUSE: Security Advisory (SUSE-SU-2024:3742-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : qemu-kvm-rhev (RHSA-2019:3742)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3742 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...
CVE-2024-3742
CVE-2024-3742 affects Electrolink FM/DAB/TV Transmitters. Affected devices store credentials in clear-text (eg, controlloLogin.js/login.htm/mail.htm), enabling an attacker to access credentials and gain system access. Unauthenticated credential disclosure is supported by the NUCLEI template; impa...
CVE-2024-3742 Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system...