CVE-2026-39386 Neko has Self-service Privilege Escalation for Authenticated Users

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...

CVE-2026-39386 Neko has Self-service Privilege Escalation for Authenticated Users

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...

MAL-2025-39386 Malicious code in wms-web-ui (npm)

The package wms-web-ui was found to contain malicious code...

CVE-2023-39386

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart...

CVE-2025-39386

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mojoomla Hospital Management System hospital-management allows SQL Injection.This issue affects Hospital Management System: from n/a through = 47.020-11-2023...

CVE-2025-39386

creationtimestamp| type| source ---|---|--- 2025-05-19 19:38:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16907 2025-05-19 20:48:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpkgzzw5fc2p...

CVE-2022-39386

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

Adobe Bridge 13.x < 13.0.9 / 14.x < 14.1.2 Multiple Vulnerabilities (APSB24-59)

The version of Adobe Bridge installed on the remote Windows host is prior to 13.0.9 or 14.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-59 advisory. - Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that cou...

Adobe Bridge 13.x < 13.0.9 / 14.x < 14.1.2 Multiple Vulnerabilities (APSB24-59)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 13.0.9 or 14.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-59 advisory. - Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerabilit...

CVE-2023-39386

creationtimestamp| type| source ---|---|--- 2023-08-13 16:18:37+00:00| seen| https://t.me/cibsecurity/68402...

CVE-2023-39386

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart...

CVE-2023-39386

CVE-2023-39386 affects Huawei HarmonyOS’s PMS module where input parameters are not strictly verified. The vulnerability may cause newly installed apps to fail to restart if exploited. The CVE has a high impact on availability (per CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is listed wit...

CVE-2022-39386

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

CVE-2022-39386

The CVE concerns @fastify/websocket/fastify-websocket: all versions are reported to crash when processing a specific malformed WebSocket packet, causing a Denial of Service. The issue stems from a crash on malformed input, and the module is deprecated with no built-in patches. Patched versions ar...

@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)

fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...