119 matches found
EUVD-2026-3955
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS. This issue affects Universal Video Player: from n/a through = 3.8.4...
CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...
CVE-2025-3955
A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. This affects an unknown part of the file /editrpatient.php.php. The manipulation of the argument id/lastname leads to sql injection. It is possible to initiate the attack remotely. T...
CVE-2025-3955
creationtimestamp | type | source
---|---|---
2025-04-27 01:08:28+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13589
2025-04-27 03:35:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnrd2zfoox2s
2025-04-27 04:37:18+00:00 | seen | ...
CVE-2025-3955
CVE-2025-3955 affects codeprojects Patient Record Management System 1.0. The vulnerability resides in /edit_rpatient.php.php, where unsafely handling the id/lastname parameters enables SQL injection. Attacks can be initiated remotely, and multiple sources report that the exploit has been disclose...
CVE-2022-3955
A vulnerability was found in tholum crm42. It has been rated as critical. This issue affects some unknown processing of the file crm42\class\class.user.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit h...
AlmaLinux 9 : firefox (ALSA-2024:3955)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3955 advisory. firefox: Use-after-free in networking CVE-2024-5702 firefox: Use-after-free in JavaScript object transplant CVE-2024-5688 firefox: External protocol...
Oracle Linux 9 : firefox (ELSA-2024-3955)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3955 advisory. 115.12.0-1.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 115.12.0-1 - Update to 115.12.0 build1 Tenable has...
RHEL 9 : firefox (RHSA-2024:3955)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3955 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation, allowing arbitrary code to be executed. This issue affects CraftBeerPi 4:...
CVE-2024-3955
CVE-2024-3955 affects CraftBeerPi 4 up to 4.4.1.a1. The issue arises when the URL parameter logtime in the downloadlog endpoint is passed from cbpi/http_endpoints/http_system.py to os.system in cbpi/controller/system_controller.py without validation, allowing arbitrary code execution. Multiple co...
Important: Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.0 security update
The components for Red Hat OpenShift for Windows Containers 9.0.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update ...
Fedora 39 : kubernetes (2023-8f8ddb2428)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8f8ddb2428 advisory. Updates to Kubernetes for F38 and F39. Security fixes for CVE-2023-3955 and CVE-2023-3676. Related update for rawhide already in stable. Update for...
CVE-2023-3955 vulnerabilities
Vulnerabilities for packages: aws-efs-csi-driver, kubeflow-pipelines...
DEBIAN-CVE-2023-3955
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes...
CVE-2023-3955
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes...
CVE-2023-3955
CVE-2023-3955 (Kubernetes) describes a privilege-escalation issue: a user who can create pods on Windows nodes may escalate to admin privileges on those nodes. Affected scope is limited to clusters that include Windows nodes. The description does not provide specifics on exploit vectors, affected...