113 matches found
CLSA-2026-1778788223 libssh2: Fix of 2 CVEs
CVE-2019-3860: bounds-check SFTP packet sizes in sftp_packet_require/v and sftp_bin2attr - CVE-2019-3861: bounds-check padding_length in _libssh2_transport_read...
EUVD-2026-3860
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS. This issue affects Form to Chat App: from n/a through <= 1.2.5...
Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3860)
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin only works with Tenable.ot. Please visit...
CVE-2024-3860
An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox 125...
CVE-2021-3860
JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...
CVE-2025-3860
creationtimestamp | type | source
---|---|---
2025-05-07 02:21:33+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15240
2025-05-07 04:26:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl367hu2e
2025-05-07 07:12:47+00:00 | seen | https://t.me/cvedetector/24666
...
CVE-2025-3860 CarDealerPress <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter
The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.8.2505.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
WordPress CarDealerPress plugin <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin CarDealerPress versions <= 6.8.2505.00...
Linux Distros Unpatched Vulnerability : CVE-2019-3860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SS...
Linux Distros Unpatched Vulnerability : CVE-2010-3860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows...
K000149288: libssh vulnerabilities CVE-2019-3859 and CVE-2019-3860
Security Advisory Description CVE-2019-3859 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
openSUSE: Security Advisory for the Linux Kernel (Live Patch 13 for SLE 15 SP5) (SUSE-SU-2024:3860-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-6747-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6747-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6747-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
Mozilla Firefox Security Update (MFSA2024-18) - Windows
Mozilla Firefox is prone to multiple vulnerabilities...
UBUNTU-CVE-2024-3860
An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox 125...
KLA65639 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting attack, spoof user interface, bypass security restrictions, execute arbitrary code, obtain sensitive information. Below is a complete...
JFrog Artifactory < 7.25.4 - Blind SQL Injection Exploit
Exploit Title: artifactory low-privileged blind sql injection Exploit Author: ardr Vendor Homepage: https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
JFrog Artifactory < 7.25.4 - Blind SQL Injection
Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage: https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
JFrog Artifactory SQL Injection
Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage: https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...