95 matches found
MINI-3849-R3FM-F73M
Bulletin has no description...
CVE-2026-3849
creationtimestamp | type | source
---|---|---
2026-03-19 22:42:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhh35phkcr2n...
CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...
VulnCheck KEV: CVE-2010-3849
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field...
EUVD-2026-3849
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio (innovio) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Innovio: from n/a through <= 1.7...
CVE-2021-3849
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected...
CVE-2014-3849
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter...
CVE-2025-3849
A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has...
CVE-2025-3849
creationtimestamp | type | source
---|---|---
2025-04-22 00:03:15+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12771
2025-04-22 03:04:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lneoz32tcb2u
2025-04-22 04:11:23+00:00 | seen | ...
CVE-2025-3849 YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change
A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has...
CVE-2025-3849
CVE-2025-3849 affects YXJ2018 SpringBoot-Vue-OnlineExam 1.0 with a vulnerability in the file /api/studentPWD. The manipulation of the parameter studentId enables an unverified password change, and the attack can be initiated remotely. Public reports/entries confirm the existence of this issue acr...
Linux Distros Unpatched Vulnerability : CVE-2018-3849
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data...
RHEL 8 : cfitsio (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cfitsio: Stack-based buffer overflow in ffghtb allows for potential code execution (CVE-2018-3849) - In the...
CVE-2024-3849
CVE-2024-3849 concerns the Click to Chat – HoliThemes WordPress plugin (up to 3.35). The issue is Local File Inclusion, allowing authenticated users with contributor+ rights to include/execute PHP files on the server, bypassing some access controls and potentially leading to code execution. Affec...
WordPress Click to Chat Plugin <= 3.35 is vulnerable to Local File Inclusion
Software: Click to Chat; Type: Plugin; Vulnerable versions: <= 3.35; Fixed in: 4.0; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3849; Patch priority: Low; CVSS severity: Low 8.5; PSID: 3a9b57b69a7e; Credits: haidv35 from Viettel Cyber Security; Required...
GHSA-QPXM-689R-3849
creationtimestamp | type | source
---|---|---
2024-02-26 22:46:37+00:00 | seen | https://t.me/ctinow/193812...
mooDating 1.2 - Reflected Cross-site scripting Vulnerability
Exploit Title: mooDating 1.2 - Reflected Cross-site scripting (XSS)
Exploit Author: CraCkEr aka skalvin
Vendor: mooSocial
Vendor Homepage: https://moodatingscript.com/
Software Link: https://demo.moodatingscript.com/home
Version: 1.2
Tested on: Windows 10 Pro
Impact: Manipulate the content of the...