99 matches found
ECHO-0486-CC25-3906
Bulletin has no description...
RHCOS 3 : OpenShift Container Platform 3.11 HTTP/2 (RHSA-2019:3906)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3906 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...
Fedora: Security Advisory (FEDORA-2026-5774d46593)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2026-3906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in...
DEBIAN-CVE-2026-3906
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...
CVE-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API
WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...
CVE-2020-3906
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement...
CVE-2025-3906
The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wepopcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-3906
creationtimestamp| type| source ---|---|--- 2025-04-26 06:08:47+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13568 2025-04-26 06:12:56+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnp3el4dbza2 2025-04-26 07:48:22+00:00| seen|...
CVE-2025-3906 Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wepopcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-3906
CVE-2025-3906 (Integração entre Eduzz e Woocommerce, WordPress) describes a Missing Authorization vulnerability across all versions up to 1.7.5. The issue arises from a missing capability check in the wep_opcoes function, enabling authenticated attackers with Subscriber+ privileges to modify data...
WordPress Integração entre Eduzz e Woocommerce plugin 1.5.0-1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Integração entre Eduzz e Woocommerce versions 1.5.0-1.7.5...
MAL-2024-527 Malicious code in wlwz-2312-3906 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0487f5327df63c26acbf10ae4e90a5eca74dcaa31c9b88b95434588bf2118f34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-3906
creationtimestamp| type| source ---|---|--- 2023-09-29 12:37:31+00:00| seen| https://t.me/cibsecurity/71254...
CVE-2023-3906 Improper Validation of Specified Type of Input in GitLab
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy...
CVE-2023-3906 Improper Validation of Specified Type of Input in GitLab
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy...
CVE-2023-3906
CVE-2023-3906 describes an input validation issue in GitLab Enterprise Edition’s asset proxy that allows an authenticated attacker to craft image URLs to bypass the asset proxy. Affected versions are 12.3–16.2.7, 16.3.x before 16.3.5, and 16.4.x before 16.4.1. The vulnerability is active in GitLa...
GitLab 12.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-3906)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft...
SUSE CVE-2005-3906
Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.208 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of...
CVE-2022-3906
creationtimestamp| type| source ---|---|--- 2022-12-12 20:21:20+00:00| seen| https://t.me/cibsecurity/54354...