ROOT-OS-UBUNTU-2404-CVE-2025-39678 CVE-2025-39678 in rootio-linux - Patched by Root

Root has patched CVE-2025-39678 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2026-39678

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

CVE-2026-39678

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through = 2.9.9.6.5...

CVE-2025-39678

creationtimestamp| type| source ---|---|--- 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/ 2026-04-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260408 2026-05-10 18:00:00+00:00| seen|...

EUVD-2025-39678

Malicious code in fadhil-mangut55-ruro npm...

BELL-CVE-2025-39678

Bulletin has no description...

CVE-2025-39678

A flaw was found in the AMD HSMP driver in the Linux kernel. A NULL pointer dereference can be triggered due to a missing check when the metric address table is not allocated, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available...

CVE-2025-39678

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock-metrictbladdr is non-NULL If metric table address is not allocated, accessing metricsbin will result in a NULL pointer dereference, so add a check...

MAL-2025-39678 Malicious code in xenon-yaml-pm2-saturnology (npm)

The package xenon-yaml-pm2-saturnology was found to contain malicious code...

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

CVE-2024-39678

creationtimestamp| type| source ---|---|--- 2024-07-18 04:15:38+00:00| seen| https://t.me/cvedetector/1134 2025-02-14 09:47:00+00:00| seen| Telegram/X-iiMcmbKZEdTOtLK9-DS5EMdqyQU0S4m4A2CR5zBlWLCAk...

CVE-2024-39678

CVE-2024-39678 affects the Cooked WordPress plugin (Cooked – Recipe Management). The issue is CSRF due to missing/incorrect nonce validation on the AJAX action handler, allowing tricked actions under an authenticated user. Affected versions are up to and including 1.7.15.4; remediation is to upgr...

CVE-2023-39678

creationtimestamp| type| source ---|---|--- 2023-08-30 00:17:41+00:00| seen| https://t.me/cibsecurity/69388...

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

CVE-2023-39678

The CVE-2023-39678 entry describes an XSS flaw in the web interface (Log Query page) of the BDCOM OLT P3310D-2AC, firmware 10.1.0F Build 69083. Vulnerable component: the Log Query username parameter; root cause is reflected/stored XSS allowing arbitrary web script/HTML execution. Impact explicitl...

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

CVE-2021-39678

CVE-2021-39678 is described in connected sources as a vulnerability in the Android kernel allowing a bypass of Factory Reset Protection that could lead to local privilege escalation with no user interaction. The NVD entry lists impact as local, with base scores indicating high severity (CVSSv3.1:...