79 matches found
CVE-2026-3895 WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...
@antv/f2-site (=5.0.0-alpha.1) potentially affected by unknown CVE via @antv/f2-react (=5.14.0)
@antv/f2-react NPM version =5.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f2-react and may be impacted: - @antv/f2-site =5.0.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3895...
MINI-X76C-3895-CM5Q
Bulletin has no description...
EUVD-2026-3895
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation. This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-3895
creationtimestamp | type | source
---|---|---
2025-05-23 15:55:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lptykhmbyx2e...
CVE-2025-3895
Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords including those belonging to...
CVE-2025-3895 Low token entropy in MegaBIP
Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords including those belonging to...
CVE-2025-3895
CVE-2025-3895 affects MegaBIP; tokens used for resetting passwords are generated from a small space of random values combined with a queryable value. This allows an unauthenticated attacker who knows user login names to brute force reset tokens and change account passwords, including administrato...
CVE-2022-3895
creationtimestamp | type | source
---|---|---
2025-04-29 19:12:29+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13902...
Linux Distros Unpatched Vulnerability : CVE-2020-3895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1,...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CGA-3895-M462-85V8
Bulletin has no description...
Debian: Security Advisory (DLA-3895-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in wpdp_add_new_datepicker_ajax() across all versions up to 2.1.0. Authenticated attackers with subscriber-level access and above can update arbitrary options that may lead ...
RHEL 7 : openstack-tripleo-common (RHSA-2019:1683)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1683 advisory. openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI codename tripleo. Securit...
RHEL 7 : openstack-tripleo-common (RHSA-2019:1742)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1742 advisory. openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI codename tripleo. Securit...
WordPress WP Datepicker Plugin <= 2.1.0 is vulnerable to Privilege Escalation
Software: WP Datepicker; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.1.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-3895; Patch priority: High; CVSS severity: High (8.8); PSID: 9dd2e88f0ed7; Credits: Lucio Sá...
$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 14th, 2024, during our Bug Extravaganza, we received a...
SUSE CVE-2009-3895
Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party...