18 matches found
CVE-2025-64235
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal. This issue affects Tuturn: from n/a before 3.6...
CVE-2025-64236
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse. This issue affects Tuturn: from n/a before 3.6...
CVE-2025-64236 WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse. This issue affects Tuturn: from n/a before 3.6...
CVE-2025-64236
CVE-2025-64236 affects the WordPress Tuturn plugin (versions before 3.6). The issue is a broken authentication vulnerability allowing authentication bypass via an alternate path or channel, enabling authentication abuse. Remediation: update to Tuturn 3.6 or later. If exploitation details are not ...
Mozilla Firefox < 3.6
The version of Firefox installed on the remote Windows host is prior to 3.6. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-05 advisory. - Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the...
PT-2025-52264
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse. This issue affects Tuturn: from n/a before 3.6...
WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Tuturn versions 3.6...
EUVD-2018-0501
Malware in sbrugna...
CVE-2021-26737
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shut down the Zscaler tunnel by exploiting a race condition...
Zscaler Client Connector Path Traversal Vulnerability
Zscaler Client Connector is an application for Zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications is secure and complies with the organization's policies, even when not on the corporate network. ecto is a toolkit...
SUSE CVE-2014-3469
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument...
CVE-2022-23738
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to access private repository files through a public repository. To exploit this, an actor would need to already be authorized on the GitHub Enterprise Server instance, be able to crea...
PT-2022-20231 · Unknown +2 · Needrestart +2
Name of the Vulnerable Software and Affected Versions: needrestart versions 0.8 through 3.5 before 3.6 Description: The issue is related to local privilege escalation. Regexes used to detect Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when...
GHSA-4M9R-5GQP-7J82 High severity vulnerability that affects org.dspace:dspace-xmlui
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
PT-2017-7223 · Red Hat · Red Hat Enterprise Virtualization Manager
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager versions prior to 3.6 Description: The issue allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the environment. Recommendations: For...
DEBIAN-CVE-2012-6539
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...
PT-2011-4738 · Unknown · Morning Coffee
Name of the Vulnerable Software and Affected Versions: Morning Coffee theme versions prior to 3.6 Description: A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the PATH_INFO to "index.php". Recommendations: For versions prior to 3.6, update...
CVE-2007-5989
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption...