CVE-2026-3939
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-12 01:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260312 |
| 2026-03-16 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0298/ |
| 2026-03-16 01:00:00+00:00 | seen | ... |
Linux Distros Unpatched Vulnerability : CVE-2026-3939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF fil...
CVE-2026-3939
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. Chromium security severity: Low...
CVE-2023-3939
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...
CVE-2025-3939 Observable Response Discrepancy
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: befo...
CVE-2019-3939
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device...
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake ...
CVE-2023-3939
| creationtimestamp | type | source |
|---|---|---|
| 2024-06-12 15:10:04+00:00 | published-proof-of-concept | https://t.me/BlackHat0Hackers/52 |
| 2024-06-12 18:41:36+00:00 | published-proof-of-concept | https://t.me/ZeroEthicalCourse/441 |
| 2024-07-17 13:08:30+00:00 | seen | https://t.me/androidMalware/2248... |
CGA-3939-99J6-MFJ7
Bulletin has no description...
CVE-2024-3939 Ditty < 3.1.36 - Author+ Stored XSS
The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-3939
The CVE-2024-3939 vulnerability affects the Ditty – Responsive News Tickers, Sliders, and Lists WordPress plugin up to version 3.1.35 (fixed in 3.1.36). It arises from inadequate sanitization/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins), even whe...
WordPress Ditty Plugin < 3.1.36 is vulnerable to Cross Site Scripting (XSS)
Software: Ditty; Type: Plugin; Vulnerable versions: < 3.1.36; Fixed in: 3.1.36; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3939; Patch priority: Low; CVSS severity: Low (5.9); PSID: c2dbb8b75b36; Credits: Krugov Aryom; Required privilege...
CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects...
CVE-2023-3939
CVE-2023-3939 is a high-severity OS command injection affecting ZkTeco-based OEM devices (notably ZKProFace X, Smartec ST-FR043/FR041ME) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0. The vulnerability allows execution of arbitrary commands with root privileges via network-accessible components, l...
Debian: Security Advisory (DSA-1996-1)
The remote host is missing an update for the Debian...
CVE-2022-3939
| creationtimestamp | type | source |
|---|---|---|
| 2022-11-13 05:39:25+00:00 | seen | https://t.me/cibsecurity/52874... |
SUSE: Security Advisory (SUSE-SU-2022:3939-1)
The remote host is missing an update for the...