
56 matches found

Circl
added 2026/04/01 10:45 p.m. | 0 views

CVE-2026-3987

creationtimestamp | type | source
---|---|---
2026-04-01 22:45:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mihrfdqeim25
2026-04-01 23:28:03+00:00 | seen | Telegram/9GieXm2mvI1hTc72mHyuKx2RXs9Lk1GMse1mK9qILNsF30
2026-04-01 23:28:25+00:00 | seen | ...

CVSS: 8.6 | AI score: 4.8 | EPSS: 0.00631
Exploits: 0 | References: 1
EUVD
added 2026/01/22 4:52 p.m. | 1 views

EUVD-2026-3987

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through = 4.1.1...

AI score: 5.4 | EPSS: 0.00114
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 1:59 a.m. | 5 views

CVE-2023-3987

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the atta...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.00071
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 8:39 a.m. | 5 views

CVE-2019-3987

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00731
Exploits: 1 | References: 1
Circl
added 2025/04/27 10:09 p.m. | 2 views

CVE-2025-3987

creationtimestamp | type | source
---|---|---
2025-04-27 22:09:49+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13641
2025-04-28 01:31:07+00:00 | seen | https://t.me/cvedetector/23864
2025-10-19 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities -...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.08142
Exploits: 1 | References: 3
Cvelist
added 2025/04/27 9:31 p.m. | 13 views

CVE-2025-3987 TOTOLINK N150RT formWsc command injection

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been...

CVSS: 6.5 | EPSS: 0.08142
Exploits: 1 | References: 5
CVE
added 2025/04/27 9:31 p.m. | 61 views

CVE-2025-3987

CVE-2025-3987 affects TOTOLINK N150RT 3.4.0-B20190525. The vulnerability is a command injection in the /boafrm/formWsc endpoint caused by unsafely handling the localPin parameter. A remote attacker could exploit this to execute arbitrary commands with low privileges; exploit has been publicly discl...

CVSS: 8.8 | AI score: 7 | EPSS: 0.08142
In wild | Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/04/27 9:31 p.m. | 9 views

CVE-2025-3987 TOTOLINK N150RT formWsc command injection

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.08142
Exploits: 1 | References: 5
Circl
added 2024/11/15 11:09 a.m. | 3 views

CVE-2021-3987

creationtimestamp | type | source
---|---|---
2024-11-15 11:09:17+00:00 | seen | https://infosec.exchange/users/cve/statuses/113486656767538877
2024-11-15 13:15:49+00:00 | seen | https://t.me/cvedetector/11070...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00109
Exploits: 1 | References: 2
Vulnrichment
added 2024/11/15 10:52 a.m. | 9 views

CVE-2021-3987 Improper Access Control in janeczku/calibre-web

An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the create_shelf method in shelf.py not verifying if the user has the necessary permissions to create a...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00109
Exploits: 1 | References: 2
CVE
added 2024/11/15 10:52 a.m. | 40 views

CVE-2021-3987

CVE-2021-3987 (janeczku/calibre-web) is an improper access control flaw where the public shelf creation path (shelf.py: create_shelf) does not verify user permissions, allowing low-privilege users to create public shelves and perform unauthorized actions. Public disclosures in multiple feeds corr...

CVSS: 5.4 | AI score: 4.7 | EPSS: 0.00109
Exploits: 1 | References: 2 | Affected Software: 1
OpenVAS
added 2024/11/14 12:00 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2024:3987-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 4.8 | AI score: 7 | EPSS: 0.0045
Exploits: 0 | References: 8
Cvelist
added 2024/06/07 2:39 a.m. | 12 views

CVE-2024-3987 WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt

The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS: 5.4 | EPSS: 0.00338
Exploits: 0 | References: 2
Patchstack
added 2024/06/07 12:00 a.m. | 9 views

WordPress WP Mobile Menu Plugin <= 2.8.4.2 is vulnerable to Cross Site Scripting (XSS)

Software: WP Mobile Menu
Type: Plugin
Vulnerable versions: <= 2.8.4.2
Fixed in: 2.8.4.3
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-3987
Patch priority: Low
CVSS severity: Low (6.5)
PSID: 9e7bd93097ab
Credits: stealthcopter
Require...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00338
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2023/07/28 5:31 a.m. | 15 views

CVE-2023-3987 SourceCodester Simple Online Mens Salon Management System sql injection

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the...

CVSS: 6.5 | AI score: 10 | EPSS: 0.00071
Exploits: 1 | References: 3
CVE
added 2023/07/28 5:31 a.m. | 44 views

CVE-2023-3987

CVE-2023-3987 affects SourceCodester Simple Online Mens Salon Management System 1.0. The vulnerability is a SQL injection in the file path /admin/?page=user/manage_user&id=3 (parameter id) that can be manipulated remotely. Multiple sources confirm an exploitation vector and public disclosure of t...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00071
Exploits: 1 | References: 3 | Affected Software: 1
SUSE CVE
added 2023/02/15 6:01 a.m. | 0 views

SUSE CVE-2009-3987

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.00812
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 5:45 a.m. | 1 views

SUSE CVE-2012-3987

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site...

CVSS: 4 | AI score: 6.7 | EPSS: 0.0023
Exploits: 1 | References: 4
Circl
added 2022/12/19 4:10 p.m. | 0 views

CVE-2022-3987

creationtimestamp | type | source
---|---|---
2022-12-19 16:10:36+00:00 | seen | https://t.me/cibsecurity/54862
2025-04-17 13:57:53+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12225...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00181
Exploits: 2 | References: 2
Cvelist
added 2022/12/19 1:41 p.m. | 12 views

CVE-2022-3987 Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS

The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

AI score: 5.6 | EPSS: 0.00181
Exploits: 2 | References: 1