18 matches found
WordPress HTML Forms plugin <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin HTML Forms versions <= 1.5.5...
CVE-2025-12125
creationtimestamp | type | source
---|---|---
2025-11-08 05:45:27+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m53vawiq26d2
2025-11-08 06:19:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m53x5tpayz2w...
CVE-2024-12125
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...
CVE-2020-12125
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication...
CVE-2019-12125
In ONAP Logging through Dublin, by accessing an applicable port 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271, an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager OOM setups are affected...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection (CVE-2017-12125)
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parameter in the /goform/net_WebCSRGen uri t...
CVE-2018-12125
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues. Notes: none...
CVE-2021-27275
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2021-27275
This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
CVE-2021-27275
CVE-2021-27275 affects NETGEAR ProSAFE Network Management System 1.6.0.26. The flaw resides in ConfigFileController realName handling, where user-supplied paths are not properly validated before file operations, enabling directory traversal. Consequences include disclosure of sensitive informatio...
CVE-2020-12125
The CVE-2020-12125 entry concerns a remote buffer overflow in the WAVLINK WN530H4 router (M30H4.V5030.190403) at the /cgi-bin/makeRequest.cgi endpoint. Root-level code execution is possible without authentication, per NVD description; CVSS metrics indicate a critical severity (3.1/CRITICAL, 9.8 b...
CVE-2019-12125
In ONAP Logging through Dublin, by accessing an applicable port 30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271, an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager OOM setups are affected...
CVE-2019-12125
The CVE-2019-12125 issue affects ONAP Logging (Dublin) within ONAP, where an authentication bypass on multiple ports (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, 30271) lets an attacker gain full, unauthenticated access to the affected ONAP services. The root cause is an access contro...
CVE-2017-12125
CVE-2017-12125 affects Moxa EDR-810 Web Server (V4.1, build 17030317). A crafted HTTP POST to /goform/net_WebCSRGen allows OS command injection via the CN parameter, enabling privilege escalation to a root shell. Public references (Talos/Talos blog, NVD, NASL plugin) describe the same vulnerabili...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability (CVE-2017-12125)
Summary: An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parameter in the...
CVE-2018-12125
...
CVE-2018-12125
CVE-2018-12125 is rejected/not used per Initial Description and does not describe an active vulnerability.