214 matches found
Fedora 42 : texlive-base / xpdf (2025-e72c726192)
The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-e72c726192 advisory. Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs: CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900...
Slackware: Security Advisory (SSA:2025-319-01)
The remote host is missing an update for the...
ECHO-3900-0B28-C8B3
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2024-3900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. CVE-2024-3900 Note that Nessus relies on the presence of t...
Linux Distros Unpatched Vulnerability : CVE-2023-3900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid...
Linux Distros Unpatched Vulnerability : CVE-2019-3900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx. It cou...
CVE-2022-3900
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...
CVE-2021-3900
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)...
CVE-2025-3900
creationtimestamp | type | source
---|---|---
2025-04-23 21:10:21+00:00 | seen | https://t.me/cvedetector/23601
2025-04-25 04:08:57+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13375...
CVE-2025-3900
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox: from 0.0.0 before 2.1.3...
CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox: from 0.0.0 before 2.1.3...
CVE-2025-3900
CVE-2025-3900 affects Drupal Colorbox module before 2.1.3. Affected component: Colorbox (drupal/Colorbox module). Root cause: improper neutralization/insufficient sanitization of input data attributes that can lead to Cross‑Site Scripting (XSS) when rendering web pages. Impact: XSS could be trigg...
CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox: from 0.0.0 before 2.1.3...
CVE-2022-3900
creationtimestamp | type | source
---|---|---
2025-04-22 15:03:51+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12871...
Linux Distros Unpatched Vulnerability : CVE-2015-3900
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows...
A vulnerability in the doPPPo function of the mainfunction.cgi script in the DrayTek Vigor 3900 router software allows an attacker to execute arbitrary commands.
The vulnerability in the doPPPo function of the mainfunction.cgi script in the DrayTek Vigor 3900 router software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the modifyrow function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware allows an attacker to execute arbitrary code.
The vulnerability in the modifyrow function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to...
A vulnerability in the “restore” function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware allows an attacker to execute arbitrary code.
The vulnerability in the “restore” function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to...
A vulnerability in the rename_table function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware allows an attacker to execute arbitrary code.
The vulnerability in the rename_table function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker ...
A vulnerability in the doIPSec function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware allows an attacker to execute arbitrary code.
The vulnerability in the doIPSec function of the mainfunction.cgi file in the DrayTek Vigor 3900 router firmware exists because certain special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote...