21 matches found
CVE-2026-39349
creationtimestamp | type | source
---|---|---
2026-04-07 20:35:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miwmvw65jy27...
CVE-2026-39349
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...
EUVD-2025-39349
Malicious code in udin-gembus3-miaww npm...
MAL-2025-39349 Malicious code in wisp-peony-rfc444-project (npm)
The package wisp-peony-rfc444-project was found to contain malicious code...
CVE-2022-39349
The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity ShareLinkActivity.kt to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachment...
CVE-2025-39349
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection. This issue affects CiyaShop: from n/a through <= 4.18.0...
CVE-2025-39349
creationtimestamp | type | source
---|---|---
2025-05-19 20:39:45+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16940
2025-05-19 20:48:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzziftf2v...
CVE-2025-39349
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection. This issue affects CiyaShop: from n/a through <= 4.18.0...
CVE-2025-39349 WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection. This issue affects CiyaShop: from n/a through <= 4.18.0...
CVE-2025-39349 WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection. This issue affects CiyaShop: from n/a through 4.18.0...
CVE-2025-39349
CVE-2025-39349: WordPress theme Potenzaglobalsolutions CiyaShop (versions n/a–4.18.0) suffers a PHP Object Injection through deserialization of untrusted data. Underlying risk is tied to object injection (high-impact), with CVSS 3.1 vector: Network, Low complexity, no privileges, no user inter...
WordPress CiyaShop Theme <= 4.18.0 is vulnerable to PHP Object Injection
Field | Value
---|---
Software | CiyaShop
Type | Theme
Vulnerable versions | <= 4.18.0
Fixed in | N/A
OWASP Top 10 | A3: Injection
Classification | PHP Object Injection
CVE | CVE-2025-39349
Patch priority | High
CVSS severity | High 9.8
PSID | 68a2f2e9e8f8
Credits | Bonds
Required privilege | Unauthenticated

Publishe...
CVE-2024-39349
creationtimestamp | type | source
---|---|---
2024-07-08 09:52:00+00:00 | published-proof-of-concept | https://t.me/HackingInsights/5202...
CVE-2024-39349
A vulnerability regarding buffer copy without checking size of input 'Classic Buffer Overflow' is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camer...
CVE-2023-39349
creationtimestamp | type | source
---|---|---
2023-08-07 22:18:38+00:00 | seen | https://t.me/cibsecurity/67907...
CVE-2023-39349
Sentry vulnerability CVE-2023-39349 affects self-hosted Sentry and the hosted service prior to 23.7.2. An attacker with a token that has few or no scopes can query the /api/0/api-tokens/ endpoint to enumerate all tokens created by a user, including tokens with greater scopes, and reuse them in oth...
CVE-2022-39349
The CVE-2022-39349 vulnerability affects Tasks.org Android app prior to versions 12.7.1 and 13.0.1, where ShareLinkActivity.kt may copy files from internal storage to external storage if unvalidated file paths are supplied via share intents. This local-attack vector could disclose sensitive data ...
CVE-2021-39349
creationtimestamp | type | source
---|---|---
2021-10-15 16:28:43+00:00 | seen | https://t.me/cibsecurity/30613...
CVE-2021-39349
The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrar...
CVE-2021-39349
The CVE describes a Stored Cross-Site Scripting vulnerability in the WordPress Author Bio Box plugin (affected versions up to 3.3.1; PatchStack notes up to 3.4.0). The root cause is insufficient input validation and sanitization across several parameters in includes/admin/class-author-bio-box-adm...