77 matches found
CVE-2026-3992
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-12 09:01:22+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgtzzle42h2n... |
EUVD-2026-3992
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion. This issue affects Photography: from n/a through 7.7.5...
CVE-2023-3992
The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-3992
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=systeminfo of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can...
CVE-2021-3992
kimai2 is vulnerable to Improper Access Control...
CVE-2020-3992
OpenSLP as used in VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free...
CVE-2025-3992
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been...
CVE-2025-3992
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-28 00:10:34+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13644 |
| 2025-04-28 01:48:26+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114413070289043018 |
| 2025-04-28 03:11:26+00:00 | seen | ... |
CVE-2025-3992 TOTOLINK N150RT formWlwds buffer overflow
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been...
CVE-2024-3992
The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-3992 Amen <= 3.3.1 - Admin+ Stored XSS
The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-3992
The CVE-2024-3992 entry concerns the Amen WordPress plugin (versions 3.3.1 and earlier). Technical details in connected documents indicate a Stored XSS vulnerability caused by insufficient sanitization/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject scripts ev...
WordPress Amen Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Amen; Type: Plugin; Vulnerable versions: <= 3.3.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3992; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 2ff20ea08709; Credits: Bob Matyas; Required privilege...
CVE-2023-3992
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-30 18:12:22+00:00 | seen | https://t.me/cibsecurity/69438... |
CVE-2023-3992
CVE-2023-3992 affects the PostX – Gutenberg Post Grid Blocks plugin for WordPress v3.0.6 and earlier. The issue is a Reflected Cross-Site Scripting (XSS) caused by insufficient sanitisation/escaping of a parameter before it is echoed on the page, potentially impacting high-privilege users such as...
CVE-2023-3992 PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting
The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress PostX Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: PostX; Type: Plugin; Vulnerable versions: <= 3.0.5; Fixed in: 3.0.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3992; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: c90860a27d52; Credits: Bob Matyas; Required privileg...
SUSE: Security Advisory (SUSE-SU-2022:3992-1)
The remote host is missing an update for the...