103 matches found
Amazon Linux 2023 : composer (ALAS2023-2026-1625)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1625 advisory. Command injection via malicious Perforce repository definition (CVE-2026-40176). Command injection via malicious Perforce source reference/url (CVE-2026-40261). Tenable has extracted the preceding...
RHSA-2026:1625 Red Hat Security Advisory: glib2 security update
Bulletin has no description...
EUVD-2024-2462
Malicious code in bioql PyPI...
CVE-2011-1625
Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerabili...
CVE-2010-1625
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448...
CVE-2012-1625
Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...
CVE-2025-1625

creationtimestamp| type| source
---|---|---
2025-05-19 06:38:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16810...

CVE-2025-1625
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-1625
CVE-2025-1625 refers to a Stored Cross-Site Scripting (XSS) vulnerability in Qi Blocks WordPress plugin prior to version 1.4. The issue arises because some Counter block options are not validated or escaped before output in a page or post where the block is embedded. This could allow users with t...
CVE-2025-1625 Qi Blocks < 1.4 - Contributor+ Stored XSS via Counter Block
The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Linux Distros Unpatched Vulnerability : CVE-2023-1625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal paramete...
Titan FTP Administrative Password Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Titan FTP Administrative Password Disclosure', 'Description' = %q On Titan FTP servers prior to version 9.14.1628, an...
GHSA-2FQR-CX7Q-3PH8 openstack-heat may disclose sensitive information
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied...
CVE-2024-1625

creationtimestamp| type| source
---|---|---
2024-04-12 09:34:31+00:00| seen| https://t.me/arpsyndicate/4578...

CVE-2024-1625
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...
CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...
CVE-2024-1625
CVE-2024-1625 affects lunary-ai/lunary, version 0.3.0, with an Insecure Direct Object Reference (IDOR) in the project deletion endpoint. The root cause is insufficient authorization checks that fail to verify if the provided project ID belongs to the requesting user’s organization, enabling delet...
noiseworkx.com Improper Access Control vulnerability OBB-3806363
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-1625

creationtimestamp| type| source
---|---|---
2023-09-24 07:33:07+00:00| seen| https://t.me/cibsecurity/70965
2024-08-03 00:03:12+00:00| seen| https://t.me/cvedetector/2379...