159 matches found
EUVD-2026-3885
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS. This issue affects Grand Magazine: from n/a through = 3.5.7...
MiracleLinux 7 : pacemaker-1.1.19-8.el7.5 (AXSA:2019-3935:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3935:04 advisory. pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc CVE-2018-16877 pacemaker: Insufficient...
Linux Distros Unpatched Vulnerability : CVE-2011-3885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact...
GO-2025-3885 External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access in github.com/external-secrets/external-secrets
External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access in github.com/external-secrets/external-secrets...
CVE-2025-3885
Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this...
CVE-2025-3885 Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability
Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this...
Alibaba Cloud Linux 3 : 0004: pacemaker (ALINUX3-SA-2021:0004)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0004 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-3885: A use-after-free flaw was...
CVE-2025-3885
creationtimestamp | type | source
---|---|---
2025-04-23 03:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-251/
2025-05-22 01:42:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17222...
Linux Distros Unpatched Vulnerability : CVE-2020-3885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5,...
Linux Distros Unpatched Vulnerability : CVE-2019-3885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system...
Linux Distros Unpatched Vulnerability : CVE-2015-3885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the ljpegstart function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service crash via a crafted image, which...
CVE-2024-3885 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-3885
CVE-2024-3885 affects Premium Addons for Elementor for WordPress. The issue is Stored XSS via the subcontainer_value parameter due to insufficient input sanitization and output escaping in all versions up to 4.10.28. Exploitation requires authenticated access (contributor or higher) and can injec...
CVE-2024-3885 Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
WordPress Premium Addons for Elementor Plugin <= 4.10.28 is vulnerable to Cross Site Scripting (XSS)
Software: Premium Addons for Elementor; Type: Plugin; Vulnerable versions: = 4.10.28; Fixed in: 4.10.29; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-3885; Patch priority: Low; CVSS severity: Low 6.5; Developer: LeapWorx; PSID: efd244d42ee8; Credits: Ngô Thiên An...
Google Chrome < 107.0.5304.106 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 107.0.5304.106. It is, therefore, affected by multiple vulnerabilities as referenced in the 202211stable-channel-update-for-desktop advisory. - Heap buffer overflow in Crashpad in Google Chrome on Android prior to...
CVE-2023-3885
creationtimestamp | type | source
---|---|---
2023-07-25 12:28:26+00:00 | seen | https://t.me/cibsecurity/67228...
CVE-2023-3885
Campcodes Beauty Salon Management System 1.0 contains a cross-site scripting (XSS) vulnerability in /admin/edit_category.php exposed by manipulating the id parameter. The issue is described as requiring user interaction and can be triggered remotely with an exploit disclosed publicly. Affected so...
RHEL 9 : Red Hat Single Sign-On 7.6.4 security update on RHEL 9 (Important) (RHSA-2023:3885)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3885 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Security fix for the ALT Linux 10 package yandex-browser-stable version 23.1.2.1033-alt1
23.1.2.1033-alt1 built April 4, 2023 Yandex Browser Team in task 317282 March 20, 2023 Yandex Browser Team - browser updated to 23.1.2 + High CVE-2022-4436: Use after free in Blink Media. + High CVE-2022-4437: Use after free in Mojo IPC. + High CVE-2022-4438: Use after free in Blink Frames. + Hig...