Medium: qemu

Issue Overview: hcd-ohci: infinite loop NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/129922c2bc398b656a9180150e667f98fdf0d402 v11.0.0-rc1 CVE-2026-3890 virtio-scsi request size mismatch NOTE: Fixed by:...

Oracle Linux 9 : qemu-kvm (ELSA-2026-50241)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50241 advisory. - Document CVEs Mark Kanda CVE-2025-54566 CVE-2025-54567 CVE-2025-8860 CVE-2026-0665 CVE-2026-3886 - hw/usb/hcd-ohci: check for MPS=0 to avoid infinit...

BELL-CVE-2026-3890

Bulletin has no description...

DEBIAN-CVE-2026-3890

Bulletin has no description...

CVE-2026-3890

hcd-ohci: infinite loop...

Linux Distros Unpatched Vulnerability : CVE-2026-3890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hcd-ohci: infinite loop NOTE: Fixed by: https://gitlab.com/qemu- project/qemu/-/commit/129922c2bc398b656a9180150e667f98fdf0d402 v11.0.0-rc1 CVE-2026-3890...

MiracleLinux 7 : rh-ruby30-ruby-3.0.4-149.el7 (AXSA:2022-3890:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3890:01 advisory. ruby: buffer overflow in CGI.escapehtml CVE-2021-41816 ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-418...

Linux Distros Unpatched Vulnerability : CVE-2011-3890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact...

Linux Distros Unpatched Vulnerability : CVE-2019-3890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information...

TencentOS Server 3: evolution (TSSA-2022:0045)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0045 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion...

CVE-2025-3890

creationtimestamp| type| source ---|---|--- 2025-05-01 12:14:40+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14261 2025-05-05 23:24:56+00:00| seen| https://t.me/LearnExploit/8001...

CVE-2025-3890 WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpcartbutton' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress WordPress Simple PayPal Shopping Cart plugin <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Jack Taylor in WordPress Plugin Simple Shopping Cart versions = 5.1.3...

CVE-2024-3890

CVE-2024-3890 affects the Happy Addons for Elementor WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the Calendly widget, arising from insufficient input sanitization and output escaping on user-supplied attributes. It affects all versions up to and including 3.10.5...

Google Chrome < 107.0.5304.106 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 107.0.5304.106. It is, therefore, affected by multiple vulnerabilities as referenced in the 202211stable-channel-update-for-desktop advisory. - Heap buffer overflow in Crashpad in Google Chrome on Android prior to...

Oracle Linux 7 : evolution (ELSA-2020-1080)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1080 advisory. - Update patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar - Add patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar - Ad...

CVE-2023-3890

creationtimestamp| type| source ---|---|--- 2023-07-25 12:28:22+00:00| seen| https://t.me/cibsecurity/67224...

CVE-2023-3890

Summary: CVE-2023-3890 affects Campcodes Beauty Salon Management System 1.0. The vulnerability is a cross-site scripting flaw in an unknown portion of /admin/edit-accepted-appointment.php caused by unsafely manipulating the id parameter. It can be exploited remotely and exploitation has been disc...

Security fix for the ALT Linux 10 package yandex-browser-stable version 23.1.2.1033-alt1

23.1.2.1033-alt1 built April 4, 2023 Yandex Browser Team in task 317282 March 20, 2023 Yandex Browser Team - browser updated to 23.1.2 + High CVE-2022-4436: Use after free in Blink Media. + High CVE-2022-4437: Use after free in Mojo IPC. + High CVE-2022-4438: Use after free in Blink Frames. + Hig...