@antv/g-mobile-canvas (>=1.0.0 <=1.0.49), @antv/g-mobile-svg (>=1.0.0 <=1.0.46) +1 more potentially affected by unknown CVE via @antv/g-plugin-mobile-interaction (>=1.0.0 <=1.0.9)

@antv/g-plugin-mobile-interaction NPM version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.56 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3949...

SUSE SLED15 / SLES15 Security Update : libheif (SUSE-SU-2026:1660-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1660-1 advisory. - CVE-2026-3949: Manipulation of the argument size of a malicious frame can lead to out-of-bounds read bsc1259541...

Security update for libheif

This update for libheif fixes the following issues: CVE-2026-3949: Manipulation of the argument size of a malicious frame can lead to out-of-bounds read bsc1259541. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1509)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1509 advisory. A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a...

SUSE CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

Linux Distros Unpatched Vulnerability : CVE-2026-3949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the...

DEBIAN-CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

EUVD-2026-3949

Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through = 20.2...

CVE-2019-3949

Arlo Basestation firmware 1.12.0.127940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device...

CVE-2025-3949

The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprodlitegetrevisisons' function in all versions up to, and including, 6.18.15...

CVE-2025-3949

CVE-2025-3949 concerns the WordPress plugin “Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode” (versions up to and including 6.18.15). The vulnerability is a missing capability check in the seedprod_lite_get_revisisons function, which, per the ...

CVE-2025-3949 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprodlitegetrevisisons' function in all versions up to, and including, 6.18.15...

CVE-2025-3949 Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprodlitegetrevisisons' function in all versions up to, and including, 6.18.15...

WordPress Website Builder by SeedProd plugin <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Coming Soon Page, Under Construction & Maintenance Mode by SeedProd versions = 6.18.15...

Debian: Security Advisory (DLA-3949-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-3949

creationtimestamp| type| source ---|---|--- 2023-12-21 17:11:52+00:00| seen| https://t.me/ctinow/157822...

GitLab 11.3 < 16.4.3 / 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-3949)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was...

CVE-2023-3949

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint...

CVE-2023-3949 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint...

CVE-2023-3949 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint...