
91 matches found

OSV
added 2026/05/11 6:48 p.m. | 0 views

MINI-GPH6-GFFQ-3954

Bulletin has no description...

CVSS 5.9 | AI score 5.7 | EPSS 0.00005
Exploits: 0
OSV
added 2026/04/16 3:00 a.m. | 2 views

MINI-89HR-V6F6-3954

Bulletin has no description...

CVSS 5.5 | AI score 5.7 | EPSS 0.00009
Exploits: 0
ATTACKERKB
added 2026/03/11 8:02 p.m. | 1 views

CVE-2026-3954

A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument filename causes path traversal. The attack may be initiated remotely. The exploit has been...

CVSS 6.9 | AI score 5.6 | EPSS 0.00103
Exploits: 0 | References: 6 | Affected Software: 1
Circl
added 2026/03/11 7:16 p.m. | 0 views

CVE-2026-3954

creationtimestamp | type | source
---|---|---
2026-03-11 19:16:23+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3954...

CVSS 6.9 | AI score 5.7 | EPSS 0.00103
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:35 p.m. | 7 views

CVE-2020-3954

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation...

CVSS 6.1 | AI score 6.8 | EPSS 0.005
Exploits: 0
RedhatCVE
added 2025/05/22 8:29 a.m. | 3 views

CVE-2019-3954

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call...

CVSS 9.8 | AI score 8.3 | EPSS 0.05672
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 8:10 p.m. | 5 views

CVE-2007-3954

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are...

CVSS 4.3 | AI score 7.4 | EPSS 0.50118
Exploits: 4 | References: 1
RedhatCVE
added 2025/04/28 10:10 p.m. | 15 views

CVE-2025-3954

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack ...

CVSS 6.3 | AI score 6.7 | EPSS 0.00134
Exploits: 1 | References: 1
NVD
added 2025/04/26 10:15 p.m. | 14 views

CVE-2025-3954

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack ...

CVSS 6.3 | EPSS 0.00134
Exploits: 1 | References: 4
OSV
added 2025/04/26 10:15 p.m. | 1 views

CVE-2025-3954

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack ...

CVSS 6.3 | AI score 6.8
Exploits: 0 | References: 4
CVE
added 2025/04/26 9:31 p.m. | 51 views

CVE-2025-3954

CVE-2025-3954 affects ChurchCRM 5.16.0, targeting an unknown functionality in the Referer Handler that enables server-side request forgery (SSRF). The issue can be triggered remotely over a network, with attack complexity rated HIGH and exploitation deemed difficult; multiple sources note the exp...

CVSS 6.3 | AI score 4.2 | EPSS 0.00134
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2025/04/26 9:31 p.m. | 23 views

CVE-2025-3954 ChurchCRM Referer server-side request forgery

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack ...

CVSS 6.3 | EPSS 0.00134
Exploits: 1 | References: 4
OpenVAS
added 2024/11/18 12:00 a.m. | 11 views

Debian: Security Advisory (DLA-3954-1)

The remote host is missing an update for the Debian...

CVSS 8.8 | AI score 7.8 | EPSS 0.06356
Exploits: 1 | References: 2
Tenable Nessus
added 2024/07/02 12:00 a.m. | 27 views

Rocky Linux 8 : firefox (RLSA-2024:3954)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3954 advisory. firefox: Use-after-free in networking (CVE-2024-5702); firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688); firefox: External protocol...

CVSS 8.6 | AI score 7.5 | EPSS 0.0588
Exploits: 1 | References: 15
Tenable Nessus
added 2024/06/19 12:00 a.m. | 19 views

AlmaLinux 8 : firefox (ALSA-2024:3954)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:3954 advisory. firefox: Use-after-free in networking (CVE-2024-5702); firefox: Use-after-free in JavaScript object transplant (CVE-2024-5688); firefox: External protocol...

CVSS 8.6 | AI score 7.4 | EPSS 0.0588
Exploits: 1 | References: 8
Tenable Nessus
added 2024/06/18 12:00 a.m. | 27 views

Oracle Linux 8 : firefox (ELSA-2024-3954)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3954 advisory. 115.12.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file; 115.12.0-1 - Update to 115.12.0 build1. Tenable has...

CVSS 8.6 | AI score 7.4 | EPSS 0.0588
Exploits: 1 | References: 8
Patchstack
added 2024/05/08 12:00 a.m. | 7 views

WordPress Ditty Plugin <= 3.1.38 is vulnerable to PHP Object Injection

Software: Ditty; Type: Plugin; Vulnerable versions: <= 3.1.38; Fixed in: 3.1.39; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-3954; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 3afcc0b0dfe5; Credits: Trinh Vu Sonicrrrr; Required privilege...

CVSS 8.8 | AI score 6.8 | EPSS 0.01726
Exploits: 0 | References: 3 | Affected Software: 1
Circl
added 2023/08/21 8:41 p.m. | 0 views

CVE-2023-3954

creationtimestamp | type | source
---|---|---
2023-08-21 20:41:13+00:00 | seen | https://t.me/cibsecurity/68897...

CVSS 6.1 | AI score 7.1 | EPSS 0.0016
Exploits: 2 | References: 1
NVD
added 2023/08/21 5:15 p.m. | 10 views

CVE-2023-3954

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | AI score 6 | EPSS 0.0016
Exploits: 2 | References: 1
Vulnrichment
added 2023/08/21 12:29 p.m. | 6 views

CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 6 | EPSS 0.0016
Exploits: 2 | References: 1