97 matches found
CVE-2026-3985

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-20 15:32:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mmc7zsxv322c... |

CVE-2022-3985
The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2020-3985
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their...
CVE-2019-3985
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the ssid parameter...
CVE-2011-3985
Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2025-3985
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...
org.apereo.cas:cas-management-webapp (>=5.0.0 <=5.0.10) potentially affected by CVE-2025-3985 via org.apereo.cas:cas-management-webapp-support (>=5.0.0 <=5.0.9)
org.apereo.cas:cas-management-webapp-support MAVEN version =5.0.0, =5.0.0, =5.0.10 Source cves: CVE-2025-3985 Source advisory: OSV:GHSA-8RX4-FXQ5-VJ4V...
CVE-2025-3985
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...
CVE-2025-3985
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...
CVE-2025-3985

| creationtimestamp | type | source |
|---|---|---|
| 2025-04-27 21:11:41+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13637 |
| 2025-04-27 21:40:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnt7owfytv2t |
| 2025-04-28 01:31:07+00:00 | seen | ... |

org.apereo.cas:cas-management-webapp (>=5.0.0 <=5.0.10) potentially affected by CVE-2025-3985 via org.apereo.cas:cas-management-webapp-support (>=5.0.0 <=5.0.9)
org.apereo.cas:cas-management-webapp-support MAVEN version =5.0.0, =5.0.0, =5.0.10 Source cves: CVE-2025-3985 Source advisory: SNYK:JAVA-ORGAPEREOCAS-9893216...
CVE-2025-3985 Apereo CAS ResponseEntity redos
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...
CVE-2025-3985
CVE-2025-3985 affects Apereo CAS 5.2.6. The vulnerability lies in the ManageRegisteredServicesMultiActionController.java handling of the Query argument, causing inefficient regular expression backtracking (ReDoS) and potential remote exploitation. Public disclosures exist, with no fixed version r...
CVE-2024-3985
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-3985
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2023-3985

| creationtimestamp | type | source |
|---|---|---|
| 2023-07-28 12:29:35+00:00 | seen | https://t.me/cibsecurity/67371... |

CVE-2023-3985
A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has bee...
CVE-2023-3985
A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has bee...
CVE-2023-3985
CVE-2023-3985 affects SourceCodester Online Jewelry Store 1.0. The vulnerability is in the login.php file where manipulation of the username/password parameters enables SQL injection. The issue is exploitable remotely and has been publicly disclosed; multiple sources classify the entry as high/cr...
SUSE CVE-2012-3985
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set...