CVE-2026-3841

A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...

EUVD-2026-3841

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through = 1.2...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.211-2.6.17.1.0.1.el7.AXS7 (AXSA:2019-3841:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3841:02 advisory. Security Fix - Oracle Java SE Libraries Java SE CVE-2019-2422 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from...

CVE-2023-3841

A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The...

CVE-2021-3841

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

CVE-2020-3841

The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network...

CVE-2014-3841

Cross-site scripting XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information...

CVE-2025-3841

creationtimestamp| type| source ---|---|--- 2025-04-21 20:03:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12747 2025-04-21 23:04:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lneblkfkxv2a 2025-04-22 00:00:25+00:00| seen|...

CVE-2025-3841

CVE-2025-3841 affects wix-incubator jam (jam.py; Jinja2 Template Handler). The vulnerability arises from improper neutralization of special elements in the Jinja2 template engine when processing config['template'], enabling an attack on the local host. Exploitation details are not fully enumerate...

CVE-2022-3841

creationtimestamp| type| source ---|---|--- 2025-04-09 13:47:29+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11054...

Linux Distros Unpatched Vulnerability : CVE-2024-3841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged...

CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

Debian dla-3841 : linux-config-5.10 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3841 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3841-1 [email protected]...

Debian: Security Advisory (DLA-3841-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : opera (openSUSE-SU-2024:0156-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0156-1 advisory. Update to 110.0.5130.64 CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 DNA-116317 Create outline or shadow around emojis o...

openSUSE Security Advisory (openSUSE-SU-2024:0128-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2024-0150)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

DEBIAN-CVE-2024-3841

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Chromium security severity: Medium...