111 matches found
MINI-3868-WV7J-JMQ3
Bulletin has no description...
@2nova/wu-ui (>=1.1.0 <=1.1.19), @ada-lc/fusion-materials (>=0.1.1 <=0.1.3) +481 more potentially affected by unknown CVE via @antv/data-set (>=0.10.1 <=0.11.8)
@antv/data-set NPM version =0.10.1, =1.1.0, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.0, =0.5.0-alpha.0, =0.1.16, =0.1.1, =1.0.4, =0.0.1, =1.0.2, =1.0.0-alpha.1, =1.0.3, =1.0.3-alpha.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3868...
CVE-2026-3868
creationtimestamp | type | source
---|---|---
2026-04-27 07:42:57+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/control-systems-moxa-security-advisory-av26-393...
CVE-2026-3868
An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...
RHEL 9 : kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, and kpatch-patch-5_14_0-570_66_1 (RHSA-2026:3868)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3868 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...
EUVD-2026-3868
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15...
CVE-2025-3868
The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'menuObject' parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-3868
creationtimestamp | type | source
---|---|---
2025-04-25 07:07:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13387
2025-04-25 07:07:36+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmnxvq6q752
2025-04-25 10:49:34+00:00 | seen | ...
WordPress Custom Admin-Bar Favorites plugin <= 0.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Custom Admin-Bar Favorites versions <= 0.1...
Debian: Security Advisory (DLA-3868-1)
The remote host is missing an update for the Debian...
WordPress Folders Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Folders; Type: Plugin; Vulnerable versions: <= 3.0.2; Fixed in: 3.0.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3868; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: a2c21957d7e5; Credits: mike harris; Required...
CVE-2024-3868
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-3868 Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-3868
The CVE CVE-2024-3868 applies to the Folders Pro WordPress plugin. Connected documents confirm a Stored Cross-Site Scripting (XSS) flaw in Folders Pro versions up to 3.0.2, triggered by a user’s First Name and Last Name input. It requires authentication at subscriber level or higher and can cause...
openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:3868-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3868-1 advisory. - An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
CVE-2022-3868
creationtimestamp | type | source
---|---|---
2022-11-05 11:32:14+00:00 | seen | https://t.me/cibsecurity/52575...
SUSE SLES15 Security Update : rubygem-loofah (SUSE-SU-2022:3868-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3868-1 advisory. - In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2022-3868
CVE-2022-3868 affects the SourceCodester Sanitization Management System. A vulnerability in an unknown function of the file /php-sms/classes/Master.php?f=save_quote allows manipulation of the argument id, resulting in an SQL injection. This can be triggered remotely and the exploit has been publi...
CVE-2022-3868 SourceCodester Sanitization Management System sql injection
A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=savequote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. Th...
CVE-2021-3868
CVE-2021-3868 entry is rejected/not used and does not represent an active vulnerability.