90 matches found
@antv/g6 (>=4.1.0 <=4.1.12-beta.3), @antv/graphin (>=2.0.0 <=2.0.1) +1 more potentially affected by unknown CVE via @antv/g6-pc (>=0.0.1 <=0.0.9)
@antv/g6-pc NPM version =0.0.1, =4.1.0, =2.0.0, =2.0.9, =2.0.10 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3991...
CVE-2026-3991 Elevation of Privileges in Symantec Data Loss Prevention Windows Endpoint
Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain...
CVE-2026-3991
CVE-2026-3991 affects Symantec Data Loss Prevention Windows Endpoint prior to: 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15. The issue is described as an Elevation of Privilege, allowing a local attacker to obtain elevated access to protected resources. The provided doc...
CVE-2026-3991
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-30 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0378/ |
| 2026-03-30 19:18:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3micevqbsxx27 |
| 2026-03-30 20:50:07+00:00 | seen | ... |
CVE-2021-3991
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions...
CVE-2025-3991
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-28 00:10:38+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13648 |
| 2025-04-28 01:48:25+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114413070256201052 |
| 2025-04-28 03:11:29+00:00 | seen | ... |
CVE-2025-3991
CVE-2025-3991 affects TOTOLINK N150RT (version 3.4.0-B20190525). The vulnerability is a buffer overflow in the /boafrm/formWdsEncrypt endpoint, triggered by manipulating the submit-url argument. Exploitation can be initiated remotely; multiple sources describe high-severity impact (CVE appears wi...
Debian: Security Advisory (DLA-3991-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3991
CVE-2021-3991 describes an Improper Authorization vulnerability in Dolibarr: versions prior to the develop branch permit a user with restricted permissions in the Reception section to access specific reception details via direct URL, bypassing intended permission checks. The issue affects Dolibar...
WordPress ShopLentor Plugin <= 2.8.7 is vulnerable to Cross Site Scripting (XSS)
Software: ShopLentor | Type: Plugin | Vulnerable versions: <= 2.8.7 | Fixed in: 2.8.8 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-3991 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: b56a67a53737 | Credits: stealthcopter | Required...
CVE-2023-3991
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2023-3991 OS command injection vulnerability in FreshTomato 2023.3
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2023-3991
CVE-2023-3991 is an OS command injection vulnerability in FreshTomato 2023.3, affecting the httpd iperfrun.cgi functionality. A specially crafted HTTP request can lead to arbitrary command execution with network access and no privileges required. Impact is described as total compromise of the aff...
SUSE CVE-2016-3991
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles...
CVE-2022-3991
| creationtimestamp | type | source |
|---|---|---|
| 2022-11-30 00:29:44+00:00 | seen | https://t.me/cibsecurity/53688 |
| 2025-01-23 21:03:34+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2826... |
CVE-2022-3991
The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2022-3991
Summary: The WordPress Photospace Gallery plugin is affected by a Stored Cross-Site Scripting vulnerability in versions up to 2.3.5. The issue stems from insufficient input sanitization and output escaping in settings saved via the update() function, allowing authenticated users with sub...