CVE-2026-39370

creationtimestamp| type| source ---|---|--- 2026-04-06 12:49:09+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-cmcr-q4jf-p6q9 2026-04-07 20:31:04+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miwmoiec4h2g 2026-04-07 21:22:19+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2022-39370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...

MAL-2025-39370 Malicious code in wizardcc (npm)

The package wizardcc was found to contain malicious code...

CVE-2025-39370

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in cnilsson iCafe Library icafe-library allows SQL Injection.This issue affects iCafe Library: from n/a through = 1.8.3...

CVE-2025-39370 WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cnilsson iCafe Library allows SQL Injection.This issue affects iCafe Library: from n/a through 1.8.3...

WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0x1ceKing Patchstack Alliance in WordPress Plugin iCafe Library versions = 1.8.3...

CVE-2024-39370

creationtimestamp| type| source ---|---|--- 2025-01-14 15:17:06+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpkaw45ul2f...

CVE-2024-39370

An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39370

An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39370

CVE-2024-39370 affects the Wavlink AC3000 M33A8.V5030.210505: the adm.cgi set_MeshAp() function is vulnerable to a buffer overflow via crafted POST data (e.g., wlan_ssid2), enabling arbitrary code execution after passing authentication. TALOS cites a CVSSv3.1 score of 9.1 (CRITICAL) with network ...

Wavlink AC3000 adm.cgi set_MeshAp() arbitrary code execution vulnerability

Talos Vulnerability Report TALOS-2024-2031 Wavlink AC3000 adm.cgi setMeshAp arbitrary code execution vulnerability January 14, 2025 CVE Number CVE-2024-39370 SUMMARY An arbitrary code execution vulnerability exists in the adm.cgi setMeshAp functionality of Wavlink AC3000 M33A8.V5030.210505. A...

CVE-2023-39370

CVE-2023-39370 affects StarTrinity Softswitch, specifically version 2023-02-16, with a Persistent XSS vulnerability (CWE-79) in the web UI. Root cause is improper handling of user-supplied input leading to script injection. Documented impact includes confidentiality and integrity concerns (per CV...

Security fix for the ALT Linux 9 package glpi version 9.5.10-alt1

Nov. 4, 2022 Pavel Zilke 9.5.10-alt1 - New version 9.5.10 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information +...

CVE-2022-39370

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

CVE-2022-39370 Improper access to debug panel in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

CVE-2022-39370 Improper access to debug panel in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

CVE-2022-39370

CVE-2022-39370 affects GLPI. The issue allows connected users to gain access to the debug panel via the GLPI update script. It has been patched; upgrade to 10.0.4 is recommended. As a workaround, delete the install/update.php script. Public details in the initial description indicate mitigation t...

CVE-2022-39370 Improper access to debug panel in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...