62 matches found
SUSE CVE-2026-3936
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3936
creationtimestamp | type | source
---|---|---
2026-03-12 01:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260312
2026-03-12 04:17:11+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116214269969549098
2026-03-12 20:02:08+00:00 | seen |...
Linux Distros Unpatched Vulnerability : CVE-2026-3936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
Google Chrome < 146.0.7680.71 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 146.0.7680.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop10 advisory. - Use after free in WebView in Google Chrome on Android prior to 146.0.7680....
CVE-2026-3936
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3936
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
EUVD-2025-3936
Malicious code in bioql PyPI...
CVE-2025-3936
creationtimestamp | type | source
---|---|---
2025-08-07 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-02...
CVE-2025-3936 Incorrect Permission Assignment for Critical Resource
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1,...
CVE-2025-3936
CVE-2025-3936 involves an Incorrect Permission Assignment for Critical Resource in Tridium Niagara Framework (Windows) and Tridium Niagara Enterprise Security (Windows). The root cause is misconfigured access control that could enable an attacker to exploit permissions on critical resources. Aff...
CVE-2019-3936
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an acti...
CVE-2024-3936
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...
WordPress The Post Grid Plugin <= 7.6.1 is vulnerable to Broken Access Control
Software: The Post Grid; Type: Plugin; Vulnerable versions: <= 7.6.1; Fixed in: 7.7.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3936; Patch priority: Low; CVSS severity: Low 4.3; Developer: Mamunur Rashid; PSID: ba4fe441d17b; Credits: Pavel Palii; Required privilege...
Oracle Linux 7 : ipa (ELSA-2020-3936)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3936 advisory. - Resolves: 1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method - WebUI: Apply jQuery patch to fix...
CVE-2023-3936
The CVE-2023-3936 entry concerns the Blog2Social WordPress plugin prior to version 7.2.1. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by improper sanitisation/escaping of an input parameter before echoing it on the page, potentially affecting high-privilege users (e.g....
CVE-2023-3936 Blog2Social < 7.2.1 - Reflected XSS
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-3936
creationtimestamp | type | source
---|---|---
2023-01-04 11:55:27+00:00 | seen | https://t.me/cibsecurity/55748...
CVE-2022-3936
The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in a multisite setup...
CVE-2022-3936 Team Members < 5.2.1 - Editor+ Stored XSS
The Team Members WordPress plugin before 5.2.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in a multisite setup...
CVE-2022-3936
CVE-2022-3936 affects the Team Members WordPress plugin prior to 5.2.1. The issue arises because the plugin does not fully sanitize and escape some settings, enabling Stored XSS by high-privilege users (e.g., editors), even when unfiltered_html is disallowed (including multisite setups). Public d...