98 matches found
CVE-2026-3746
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may...
CVE-2026-3746
creationtimestamp | type | source
---|---|---
2026-03-08 15:16:01+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3746...
MiracleLinux 8 : firefox-91.11.0-2.el8.ML.1 (AXSA:2022-3746:19)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3746:19 advisory. Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI CVE-2022-34468 Mozilla: Use-after-free in nsSHistor...
Linux Distros Unpatched Vulnerability : CVE-2016-3746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x...
CVE-2020-3746
creationtimestamp | type | source
---|---|---
2025-08-31 03:13:06+00:00 | seen | MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57...
TencentOS Server 3: libtpms (TSSA-2022:0274)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0274 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2024-3746
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files...
CVE-2011-3746
Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files...
CVE-2025-3746
The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated...
CVE-2025-3746 OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated...
WordPress OTP-less one tap Sign in plugin 2.0.14-2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation vulnerability
Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin OTP-less one tap Sign in versions 2.0.14-2.0.59...
Linux Distros Unpatched Vulnerability : CVE-2021-3746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2...
openSUSE: Security Advisory for protobuf (SUSE-SU-2024:3746-1)
The remote host is missing an update for the...
RHEL 8 : 8.2_libtpms (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtpms: out-of-bounds access via specially crafted TPM 2 command packets CVE-2021-3746 - A stack...
RHEL 8 : libtpms (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtpms: out-of-bounds access when trying to resume the state of the vTPM CVE-2021-3623 - A flaw was foun...
CVE-2024-3746
CVE-2024-3746 affects Measuresoft ScadaPro, where the entire directory path “C:\ScadaPro” and its subdirectories/files are writable by non-privileged users. The vulnerability is an improper access control (CWE-284) that can enable privilege escalation from unprivileged to SYSTEM on affected SCADA...
Measuresoft ScadaPro
1. EXECUTIVE SUMMARY: CVSS v4 6.8. ATTENTION: Low attack complexity. Vendor: Measuresoft. Equipment: ScadaPro. Vulnerability: Improper Access Control. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to escalate their privileges from unprivileged to...
Debian dla-3746 : libwireshark-data - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3746 advisory. Debian LTS Advisory DLA-3746-1...