Fedora 42 : texlive-base / xpdf (2025-e72c726192)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-e72c726192 advisory. Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs: CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900...

Slackware: Security Advisory (SSA:2025-319-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ECHO-3900-0B28-C8B3

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2024-3900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. CVE-2024-3900 Note that Nessus relies on the presence of t...

Linux Distros Unpatched Vulnerability : CVE-2023-3900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid...

Linux Distros Unpatched Vulnerability : CVE-2019-3900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx. It cou...

CVE-2022-3900

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...

CVE-2021-3900

firefly-iii is vulnerable to Cross-Site Request Forgery CSRF...

CVE-2025-3900

creationtimestamp| type| source ---|---|--- 2025-04-23 21:10:21+00:00| seen| https://t.me/cvedetector/23601 2025-04-25 04:08:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13375...

CVE-2025-3900

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS.This issue affects Colorbox: from 0.0.0 before 2.1.3...

CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS.This issue affects Colorbox: from 0.0.0 before 2.1.3...

CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS.This issue affects Colorbox: from 0.0.0 before 2.1.3...

CVE-2025-3900

CVE-2025-3900 affects Drupal Colorbox module before 2.1.3. Affected component: Colorbox (drupal/Colorbox module). Root cause: improper neutralization/insufficient sanitization of input data attributes that can lead to Cross‑Site Scripting (XSS) when rendering web pages. Impact: XSS could be trigg...

CVE-2022-3900

creationtimestamp| type| source ---|---|--- 2025-04-22 15:03:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12871...

Linux Distros Unpatched Vulnerability : CVE-2015-3900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can exploit this vulnerability to inject malicious commands into mainfunction.cgi and execute arbitrary commands by...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. The vulnerability can be exploited to execute arbitrary commands by injecting malicious commands into mainfunction.cgi and calling...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can exploit this vulnerability to perform a command injection attack...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can exploit this vulnerability to inject malicious commands into mainfunction.cgi and execute arbitrary commands by...

DrayTek Vigor 3900 安全漏洞

DrayTek Vigor 3900 is a high performance router for enterprise networks from China DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3. An attacker can exploit this vulnerability to perform a command injection attack...