123 matches found
MINI-547G-PHWP-3977
Bulletin has no description...
CVE-2026-3977
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is...
CVE-2026-3977
creationtimestamp | type | source
---|---|---
2026-03-12 03:16:39+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3977...
CVE-2026-3977 projectsend AJAX Endpoints authorization
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is...
CVE-2026-3977
Technical details (affected product/version, exploitability, impact, and remediation) are not publicly provided in the supplied documents. Monitor for updates from official advisories to obtain concrete information about CVE-2026-3977.
CVE-2023-3977
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handleinstallation function that is called via the inisevinstallation AJAX action in various versions. This makes it possible for...
CVE-2021-3977
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2025-3977
A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper...
CVE-2025-3977
creationtimestamp | type | source
---|---|---
2025-04-27 17:10:13+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13626
2025-04-27 19:40:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnsyy6fpd72h
2025-04-27 21:20:13+00:00 | seen | ...
CVE-2025-3977 iteachyou Dreamer CMS Attachment download improper authorization
A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper...
CVE-2025-3977
CVE-2025-3977 affects iteachyou Dreamer CMS up to version 4.1.3. The vulnerability resides in the Attachment Handler’s file path /admin/attachment/download, where manipulating the parameter ID leads to improper authorization. The issue is exploitable remotely and, per sources, the exploit has bee...
Linux Distros Unpatched Vulnerability : CVE-2016-3977
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service application crash via the backgroun...
SUSE: Security Advisory (SUSE-SU-2024:3977-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for xen (SUSE-SU-2024:3977-1)
The remote host is missing an update for the...
IBM Lotus Notes Sametime Room Name Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'enumerable' class MetasploitModule 'IBM Lotus Notes Sametime Room Name Bruteforce', 'Description' = %q This module bruteforces Sametime meeting room names via t...
CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
RHEL 7 : giflib (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - giflib: heap buffer overflow in gif2rgb CVE-2016-3977 - Heap-based buffer overflow in giffix.c in giffix ...
RHEL 6 : giflib (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - giflib: heap buffer overflow in gif2rgb CVE-2016-3977 - Heap-based buffer overflow in giffix.c in giffix ...