110 matches found
MINI-3868-WV7J-JMQ3
Bulletin has no description...
CVE-2026-3868
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-27 07:42:57+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/control-systems-moxa-security-advisory-av26-393... |
CVE-2026-3868
An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...
RHEL 9 : kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, and kpatch-patch-5_14_0-570_66_1 (RHSA-2026:3868)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3868 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...
EUVD-2026-3868
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15...
CVE-2025-3868
The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'menuObject' parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-3868
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-25 07:07:14+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13387 |
| 2025-04-25 07:07:36+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmnxvq6q752 |
| 2025-04-25 10:49:34+00:00 | seen | ... |
WordPress Custom Admin-Bar Favorites plugin <= 0.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Custom Admin-Bar Favorites versions <= 0.1...
Debian: Security Advisory (DLA-3868-1)
The remote host is missing an update for the Debian...
WordPress Folders Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Folders; Type: Plugin; Vulnerable versions: <= 3.0.2; Fixed in: 3.0.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3868; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: a2c21957d7e5; Credits: mike harris; Required...
CVE-2024-3868
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-3868 Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-3868
CVE-2024-3868 applies to the Folders Pro WordPress plugin. Connected documents confirm a Stored Cross-Site Scripting (XSS) flaw in Folders Pro versions up to 3.0.2, triggered by a user’s First Name and Last Name input. It requires authentication at subscriber level or higher and can cause...
openSUSE 15: golang-github-QubitProducts-exporter_exporter / etc (SUSE-SU-2023:3868-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3868-1 advisory. golang-github-lusitaniae-apache_exporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501) CVE-2022-41723: Fix...
CVE-2022-3868
| creationtimestamp | type | source |
|---|---|---|
| 2022-11-05 11:32:14+00:00 | seen | https://t.me/cibsecurity/52575... |
CVE-2022-3868 SourceCodester Sanitization Management System sql injection
A vulnerability classified as critical has been found in SourceCodester Sanitization Management System. Affected is an unknown function of the file /php-sms/classes/Master.php?f=save_quote. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. Th...
CVE-2022-3868
CVE-2022-3868 affects the SourceCodester Sanitization Management System. A vulnerability in an unknown function of the file /php-sms/classes/Master.php?f=save_quote allows manipulation of the argument id, resulting in an SQL injection. This can be triggered remotely and the exploit has been publi...
SUSE SLES15: ruby2.5-rubygem-loofah / ruby2.5-rubygem-loofah-doc / etc (SUSE-SU-2022:3868-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3868-1 advisory. - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements (bsc#1154751). Tenable has extracted the preceding description block...
CVE-2021-3868
The CVE-2021-3868 entry is rejected/not used and does not represent an active vulnerability.
SUSE: Security Advisory (SUSE-SU-2020:1135-1)
The remote host is missing an update for the...