78 matches found
CVE-2026-3895 WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...
MINI-X76C-3895-CM5Q
Bulletin has no description...
EUVD-2026-3895
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation. This issue affects Final User: from n/a through = 1.2.5...
CVE-2025-3895
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-23 15:55:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lptykhmbyx2e... |
CVE-2025-3895
Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords including these belonging to...
CVE-2025-3895 Low token entropy in MegaBIP
Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords including these belonging to...
CVE-2025-3895
CVE-2025-3895 affects MegaBIP; tokens used for resetting passwords are generated from a small space of random values combined with a queryable value. This allows an unauthenticated attacker who knows user login names to brute force reset tokens and change account passwords, including administrato...
CVE-2022-3895
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-29 19:12:29+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13902... |
Linux Distros Unpatched Vulnerability : CVE-2020-3895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1,...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CGA-3895-M462-85V8
Bulletin has no description...
Debian: Security Advisory (DLA-3895-1)
The remote host is missing an update for the Debian...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in wpdp_add_new_datepicker_ajax() across all versions up to 2.1.0. Authenticated attackers with subscriber-level access and above can update arbitrary options that may lead ...
RHEL 7 : openstack-tripleo-common (RHSA-2019:1742)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1742 advisory. openstack-tripleo-common contains the Python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo). Securit...
RHEL 7 : openstack-tripleo-common (RHSA-2019:1683)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1683 advisory. openstack-tripleo-common contains the Python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo). Securit...
WordPress WP Datepicker Plugin <= 2.1.0 is vulnerable to Privilege Escalation
Software: WP Datepicker; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.1.1; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-3895; Patch priority: High; CVSS severity: High (8.8); PSID: 9dd2e88f0ed7; Credits: Lucio Sá...
$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 14th, 2024, during our Bug Extravaganza, we received a...
SUSE CVE-2009-3895
Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party...
CVE-2022-3895 Potential XSS in common user interface component library
Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS)...