CLSA-2026-1777445542 libssh2: Fix of 2 CVEs

CVE-2019-3858: fix zero-byte allocation in sftppacketread - CVE-2019-3859: fix out-of-bounds reads in libssh2packetrequire...

EUVD-2026-3858

Cross-Site Request Forgery CSRF vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through = 1.4.5...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3858)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin only works with Tenable.ot...

EUVD-2010-4216

Malware in sbrugna...

EUVD-2009-3858

Malware in sbrugna...

CGA-VX52-3858-FVF2

Bulletin has no description...

CVE-2024-3858

It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox 125...

CVE-2021-3858

snipe-it is vulnerable to Cross-Site Request Forgery CSRF...

CVE-2020-3858

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges...

CVE-2011-3858

Cross-site scripting XSS vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...

CVE-2025-3858

The Formality plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2025-3858

creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:41+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14428 2025-05-02 07:34:35+00:00| seen| https://t.me/cvedetector/24311 2025-05-02 08:00:41+00:00| seen|...

CVE-2025-3858

CVE-2025-3858 affects the WordPress plugin Formality (versions up to 1.5.8). It is a Stored Cross‑Site Scripting (XSS) via the align parameter caused by insufficient input sanitization and output escaping. Exploitation requires Contributor+ authentication , and an attacker can inject scripts that...

WordPress Formality plugin <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via align Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Formality versions = 1.5.8...

Linux Distros Unpatched Vulnerability : CVE-2019-3858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who...

K000148713: libssh2 vulnerabilities CVE-2019-3858 and CVE-2019-3862

Security Advisory Description CVE-2019-3858 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

Debian: Security Advisory (DLA-3858-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-3858 : libruby2.7 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3858 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3858-1 [email protected]...

RHEL 6 : libssh2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - A...

Ubuntu: Security Advisory (USN-6747-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...