118 matches found
EUVD-2026-3869
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Final User: from n/a through = 1.2.5...
GO-2025-3869 Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence
Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence...
CVE-2025-3869
creationtimestamp | type | source
---|---|---
2025-05-24 02:53:42+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpv5d7gt4yw2...
CVE-2025-3869 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious w...
WordPress 4stats plugin <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin 4stats versions <= 2.0.9...
CVE-2020-3869
An issue existed in the handling of the local user's self-view. The issue was corrected with improved logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A remote FaceTime user may be able to cause the local user's camera self-view to display the incorrect camera...
CVE-2012-3869
Cross-site scripting (XSS) vulnerability in include/classes/class.rexlist.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php...
CVE-2024-3869
creationtimestamp | type | source
---|---|---
2025-02-06 02:43:28+00:00 | seen | Telegram/dkobjEK0z9p55GGQbsIydKDKMHzZKjEAWPrqdN4tvhvlkGt...
openSUSE: Security Advisory for webkit2gtk3 (SUSE-SU-2024:3869-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-3869-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress Customer Reviews for WooCommerce Plugin <= 5.46.0 is vulnerable to Broken Access Control
Software: Customer Reviews for WooCommerce; Type: Plugin; Vulnerable versions: <= 5.46.0; Fixed in: 5.47.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3869; Patch priority: Low; CVSS severity: Low (4.3); PSID: 450f77baaef7; Credits: Thura Moe...
CVE-2023-3869
creationtimestamp | type | source
---|---|---
2023-10-20 17:22:11+00:00 | seen | https://t.me/cibsecurity/72665
2024-01-03 23:58:44+00:00 | seen | https://t.me/arpsyndicate/2386...
CVE-2023-3869
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...
CVE-2023-3869
CVE-2023-3869 affects the WordPress wpDiscuz plugin (versions up to and including 7.6.3). The issue is an unauthorized modification of data due to a missing authorization check in the voteOnComment function, enabling unauthenticated attackers to increase or decrease a comment’s rating (IDOR-like ...
SUSE CVE-2009-3869
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...
CVE-2022-3869
creationtimestamp | type | source
---|---|---
2022-11-06 06:07:15+00:00 | seen | https://t.me/cibsecurity/52576
2025-05-05 21:20:19+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/15002...
CVE-2022-3869 Code Injection in froxlor/froxlor
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2...
CVE-2022-3869
The provided sources confirm a code/injection vulnerability in froxlor/froxlor prior to version 0.10.38.2. Multiple documents (CVE-2022-3869 overview, Nuclei template, OSV, CNNVD, Veracode) describe HTML/Code Injection in Froxlor, typically via user input handling (e.g., customermail) and imprope...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.tock:tock-nlp-model-stanford (>=19.9.0 <=22.3.2) +202 more potentially affected by CVE-2021-3869 via edu.stanford.nlp:stanford-corenlp (>=1.2.0 <=4.2.2)
edu.stanford.nlp:stanford-corenlp MAVEN version =1.2.0, =1.3, =19.9.0, =2.09, =2.7.3, =2.7.3, =2.7.3, =2.0.0, =2.0.1, =2.5, =3.0.1 - com.github.hungntbka:htime =1.0 - com.github.jenshaase.uimascala:arktweetpostagger2.11 =0.6.1 - com.github.jenshaase.uimascala:arktweettokenizer2.11 =0.6.1 -...
CVE-2021-3869
creationtimestamp | type | source
---|---|---
2021-10-19 16:33:15+00:00 | seen | https://t.me/cibsecurity/30754...