Lucene search
K

99 matches found

OSV
OSV
added 2026/06/06 9:32 a.m.8 views

ECHO-0486-CC25-3906

Bulletin has no description...

8.3CVSS5.2AI score0.00286EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.11 HTTP/2 (RHSA-2019:3906)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3906 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...

7.8CVSS7.3AI score0.83433EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2026/03/23 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2026-5774d46593)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-3906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in...

4.3CVSS5.5AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 10:16 a.m.2 views

DEBIAN-CVE-2026-3906

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.4AI score0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 9:25 a.m.5 views

CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 p.m.8 views

CVE-2020-3906

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement...

7.8CVSS6.2AI score0.00956EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/28 6:15 a.m.16 views

CVE-2025-3906

The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wepopcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS6.5AI score0.00387EPSS
Exploits0References1
Circl
Circl
added 2025/04/26 6:8 a.m.8 views

CVE-2025-3906

creationtimestamp| type| source ---|---|--- 2025-04-26 06:08:47+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13568 2025-04-26 06:12:56+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnp3el4dbza2 2025-04-26 07:48:22+00:00| seen|...

8.8CVSS8.7AI score0.00387EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/26 5:34 a.m.10 views

CVE-2025-3906 Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wepopcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS8.3AI score0.00387EPSS
Exploits0References4
CVE
CVE
added 2025/04/26 5:34 a.m.79 views

CVE-2025-3906

CVE-2025-3906 (Integração entre Eduzz e Woocommerce, WordPress) describes a Missing Authorization vulnerability across all versions up to 1.7.5. The issue arises from a missing capability check in the wep_opcoes function, enabling authenticated attackers with Subscriber+ privileges to modify data...

8.8CVSS8.4AI score0.00387EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/04/25 9:14 p.m.10 views

WordPress Integração entre Eduzz e Woocommerce plugin 1.5.0-1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Integração entre Eduzz e Woocommerce versions 1.5.0-1.7.5...

8.8CVSS8.3AI score0.00387EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/24 8:23 p.m.6 views

MAL-2024-527 Malicious code in wlwz-2312-3906 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0487f5327df63c26acbf10ae4e90a5eca74dcaa31c9b88b95434588bf2118f34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Circl
Circl
added 2023/09/29 12:37 p.m.6 views

CVE-2023-3906

creationtimestamp| type| source ---|---|--- 2023-09-29 12:37:31+00:00| seen| https://t.me/cibsecurity/71254...

3.5CVSS4.5AI score0.00483EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/29 6:2 a.m.13 views

CVE-2023-3906 Improper Validation of Specified Type of Input in GitLab

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy...

3.5CVSS3.4AI score0.00483EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/29 6:2 a.m.24 views

CVE-2023-3906 Improper Validation of Specified Type of Input in GitLab

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy...

3.5CVSS4.3AI score0.00483EPSS
Exploits0References2
CVE
CVE
added 2023/09/29 6:2 a.m.242 views

CVE-2023-3906

CVE-2023-3906 describes an input validation issue in GitLab Enterprise Edition’s asset proxy that allows an authenticated attacker to craft image URLs to bypass the asset proxy. Affected versions are 12.3–16.2.7, 16.3.x before 16.3.5, and 16.4.x before 16.4.1. The vulnerability is active in GitLa...

3.5CVSS3.8AI score0.00483EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.30 views

GitLab 12.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-3906)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft...

3.5CVSS5.3AI score0.00483EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.6 views

SUSE CVE-2005-3906

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.208 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of...

7.5CVSS7.6AI score0.05168EPSS
Exploits0References4
Circl
Circl
added 2022/12/12 8:21 p.m.7 views

CVE-2022-3906

creationtimestamp| type| source ---|---|--- 2022-12-12 20:21:20+00:00| seen| https://t.me/cibsecurity/54354...

4.8CVSS4.9AI score0.00392EPSS
Exploits1References1
Rows per page
Query Builder