17 matches found
CVE-2025-39398
Missing Authorization vulnerability in Themovation Bellevue bellevuex. This issue affects Bellevue: from n/a through <= 4.2.2...
CVE-2025-39398
creationtimestamp | type | source
---|---|---
2025-05-19 17:39:05+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16893...
CVE-2025-39398 WordPress Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue theme <= 4.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themovation Bellevue bellevuex. This issue affects Bellevue: from n/a through <= 4.2.2...
CVE-2025-39398
CVE-2025-39398 is a Missing Authorization vulnerability in the WordPress plugin/theme bundle “Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue” (Bellevuex) affecting versions up to 4.2.2. The vulnerability is categorized as Broken Access Control with a CVSS v3.1 base score of 4.3 (Medi...
CVE-2025-39398 WordPress Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue theme <= 4.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue. This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2...
WordPress Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue Theme <= 4.2.2 is vulnerable to Broken Access Control
Software: Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue
Type: Theme
Vulnerable versions: <= 4.2.2
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2025-39398
Patch priority: Low
CVSS severity: Low 4.3
PSID...
CVE-2024-39398
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and...
CVE-2024-39398
Adobe Commerce and Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by CVE-2024-39398: Improper Restriction of Excessive Authentication Attempts, which could allow brute-force access to accounts without user interaction. The issue stems from insufficien...
CVE-2024-39398 OTP 2FA can be bruteforced
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and...
CVE-2023-39398
creationtimestamp | type | source
---|---|---
2023-08-13 16:18:28+00:00 | seen | https://t.me/cibsecurity/68394...
CVE-2023-39398
CVE-2023-39398 describes a parameter verification vulnerability in the installd module that can allow reading and writing of sandbox files without authorization. Public references indicate HarmonyOS/installd is affected, with the underlying issue stated as improper parameter validation leading to...
CVE-2022-39398
tasklists is a tasklists plugin for GLPI Kanban. Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting XSS - Create XSS in task content when add it. This issue is patched in version 2.0.3. There are no known workarounds...
CVE-2022-39398 InfotelGLPI vulnerable to Cross-site Scripting
tasklists is a tasklists plugin for GLPI Kanban. Versions prior to 2.0.3 are vulnerable to Cross-site Scripting. Cross-site Scripting XSS - Create XSS in task content when add it. This issue is patched in version 2.0.3. There are no known workarounds...
CVE-2022-39398
CVE-2022-39398 concerns the tasklists plugin for GLPI (Kanban). Versions prior to 2.0.3 are vulnerable to Cross-site Scripting (XSS) by creating XSS in task content when added. The issue is explicitly patched in version 2.0.3; no public workarounds are documented. Connected sources confirm the v...
britishmuseum.org XSS vulnerability
Vulnerable URL: http://www.britishmuseum.org/visiting/groupvisits.aspx?x"1=1
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 25.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 39398
Google Pagerank | 8
VIP website status: | Yes
Check...
CVE-2026-39398
...
CVE-2026-39398
OpenClaw-ClaudE-Bridge vulnerability CVE-2026-39398 affects v1.1.0. The issue: the CLI flag --allowed-tools is used in an auto-approve manner, not a restriction, so the sandbox remains ineffective because all CLI tools remain nominally available. The fix is to upgrade to v1.1.1, which switches to...