109 matches found
@antv/chart-advisor (>=1.1.4 <=1.1.7), @opd/ava (=1.0.0) +1 more potentially affected by unknown CVE via @antv/dw-util (=1.1.4)
@antv/dw-util NPM version =1.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/dw-util and may be impacted:
- @antv/chart-advisor =1.1.4, =1.0.0, =1.0.10
Source CVEs: unknown CVE
Source advisory: OSV:MAL-2026-3878...
EUVD-2026-3878
Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS. This issue affects Simple XML Sitemap: from n/a through = 1.3...
MiracleLinux 7 : mod_auth_mellon-0.14.0-2.el7.4 (AXSA:2019-3863:02)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3863:02 advisory. mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) mod_auth_mellon: open redirect in logout url when using URLs with backslashes...
MiracleLinux 4 : qemu-kvm-0.12.1.2-2.506.AXS4.3 (AXSA:2019-3878:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3878:01 advisory. A flaw was found in the implementation of the fill buffer, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker...
Linux Distros Unpatched Vulnerability : CVE-2016-3878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decoder/ih264dapi.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of...
CVE-2021-3878
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2020-3878
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to...
WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin SMS Alert Order Notifications versions <= 3.8.1...
CVE-2025-3878
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3878
creationtimestamp | type | source
---|---|---
2025-05-10 11:26:50+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15889
2025-05-10 13:01:52+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3losug7u336h2
2025-05-10 14:37:15+00:00 | seen | ...
CVE-2025-3878 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-3878
CVE-2025-3878 | SMS Alert Order Notifications – WooCommerce (WordPress) is vulnerable to Stored Cross-Site Scripting via the plugin’s sa_verify shortcode in all versions up to 3.8.1 due to insufficient input sanitization and output escaping of user-supplied attributes. The vulnerability can be ex...
CVE-2022-3878
A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchaseorder/browsedata. The manipulation of the argument tbsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-3878
A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20408. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be...
Ubuntu 18.04 LTS : Linux kernel regression (USN-3878-3)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3878-3 advisory. USN-3878-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that could prevent systems with certain graphics chipsets...
CVE-2023-3878
creationtimestamp | type | source
---|---|---
2023-07-25 07:40:22+00:00 | seen | https://t.me/cibsecurity/67206...
CVE-2023-3878
A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. The attack can be initiated remotely. The exploit...
CVE-2023-3878
CVE-2023-3878 affects Campcodes Beauty Salon Management System 1.0, via the /admin/about-us.php file where the paged(es) parameter enables SQL injection. The vulnerability can be exploited remotely; multiple sources indicate the exploit has been disclosed publicly. Root cause centers on manipulat...
Cisco Nexus 9000 Series Switches Telnet Login Denial of Service (CVE-2017-3878)
A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is...
CVE-2022-3878
creationtimestamp | type | source
---|---|---
2022-11-07 18:34:30+00:00 | seen | https://t.me/cibsecurity/52603...