Lucene search
13 matches found

Circl
added 2026/01/19 7:1 p.m., 2 views

CVE-2026-23625

creationtimestamp | type | source
---|---|---
2026-01-19 19:01:47+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mcsddd5vzi22
2026-01-19 21:38:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mcsm3xndng26...

CVSS 8.7, AI score 5.3, EPSS 0.00067
Exploits 0, References 2
Vulnrichment
added 2026/01/19 5:41 p.m., 3 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

CVSS 8.7, AI score 5, EPSS 0.00067
Exploits 0, References 3
RedhatCVE
added 2025/05/23 5:12 a.m., 5 views

CVE-2023-23625

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

CVSS 7.5, AI score 6.6, EPSS 0.00468
Exploits 0, References 1
RedhatCVE
added 2025/02/06 2:52 a.m., 4 views

CVE-2025-23625

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in awcode Unique UX unique-ux allows Reflected XSS. This issue affects Unique UX: from n/a through <= 0.9.2...

CVSS 7.1, AI score 7.2, EPSS 0.00112
Exploits 0, References 1
CVE
added 2025/01/22 2:29 p.m., 38 views

CVE-2025-23625

CVE-2025-23625 concerns the WordPress plugin Unique UX (versions

CVSS 7.1, AI score 7.2, EPSS 0.00112
Exploits 0, References 1
Vulnrichment
added 2025/01/22 2:29 p.m., 4 views

CVE-2025-23625 WordPress Unique UX plugin <= 0.9.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AWcode, PDSonline Unique UX allows Reflected XSS. This issue affects Unique UX: from n/a through 0.9.2...

CVSS 7.1, AI score 7.2, EPSS 0.00112
Exploits 0, References 1
Circl
added 2024/01/26 1:31 a.m., 1 views

CVE-2024-23625

creationtimestamp | type | source
---|---|---
2024-01-26 01:31:37+00:00 | seen | https://t.me/ctinow/173920
2024-02-18 20:46:54+00:00 | seen | https://t.me/ctinow/187366...

CVSS 9.8, AI score 8.7, EPSS 0.10009
Exploits 0, References 2
CVE
added 2024/01/25 11:41 p.m., 61 views

CVE-2024-23625

CVE-2024-23625 affects D-Link DAP-1650 devices and involves a command injection vulnerability when processing UPnP SUBSCRIBE messages. Affected component is the UPnP SUBSCRIBE Message Handler; root-level command execution is possible for unauthenticated attackers. Multiple sources (NVD, Red Hat a...

CVSS 9.8, AI score 9.8, EPSS 0.10009
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/01/25 11:41 p.m., 2 views

CVE-2024-23625 D-Link DAP-1650 SUBSCRIBE Callback Command Injection Vulnerability

A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root...

CVSS 9.6, AI score 9.9, EPSS 0.10009
Exploits 0, References 1
Vulnrichment
added 2023/02/09 8:57 p.m., 7 views

CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs

go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout paramete...

CVSS 5.9, AI score 6.6, EPSS 0.00468
Exploits 0, References 2
CVE
added 2023/02/09 8:57 p.m., 62 views

CVE-2023-23625

CVE-2023-23625 affects go-unixfs, an implementation atop ipld merkledag. A malformed HAMT sharded directory with a bogus fanout parameter can trigger panics and virtual memory leaks when decoding untrusted input. Affected version is prior to 0.4.3; upgrade to 0.4.3 or apply safe decoding practice...

CVSS 7.5, AI score 6.3, EPSS 0.00468
Exploits 0, References 2, Affected Software 1
CVE
added 2022/03/11 6:0 p.m., 107 views

CVE-2022-23625

CVE-2022-23625 affects Wire-ios on Apple iOS prior to version 3.95. Malformed resource identifiers can be generated and sent between Wire users, causing the iOS Wire Client to repeatedly crash on launch (DoS-like impact). The root cause is in the wire-ios-transport component, where code that remo...

CVSS 6.5, AI score 6.3, EPSS 0.00376
Exploits 0, References 3, Affected Software 2
Vulnrichment
added 2022/03/11 6:0 p.m., 6 views

CVE-2022-23625 DoS vulnerability: Malformed Resource Identifiers

Wire-ios is a messaging application using the wire protocol on Apple's iOS platform. In versions prior to 3.95, malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and...

CVSS 6.5, AI score 6.3, EPSS 0.00376
Exploits 0, References 3