25 matches found
CVE-2026-25002
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-26 21:34:32+00:00 | seen | Telegram/jvhOKmzqiPeYBdBxVFESt3SUAdqySxNGUXLiFxkgoqjLWk... |
CVE-2026-25002
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse. This issue affects LearnPress – Sepay Payment: from n/a through = 4.0.0...
CVE-2023-25002
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...
CVE-2021-25002
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL...
CVE-2019-25002
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...
CVE-2018-25002
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...
CVE-2025-25002
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...
CVE-2025-25002
Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network...
CVE-2025-25002
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-08 16:14:25+00:00 | seen | https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review... |
Zoom Workplace Desktop App < 6.2.5 DoS (ZSB-25002)
The version of Zoom Workplace Desktop App installed on the remote host is prior to 6.2.5. It is, therefore, affected by a vulnerability as referenced in the ZSB-25002 advisory. - Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct...
Oracle DB SQL Injection Via DBMS_EXPORT_EXTENSION
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via DBMS_EXPORT_EXTENSION', 'Description' = %q This module will escalate an Oracle DB user to DBA by exploiting a sql...
CVE-2024-25002
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device...
CVE-2024-25002
CVE-2024-25002 relates to a command injection in the Bosch Network Synchronizer diagnostics interface. The vulnerability allows unauthorized users to execute commands, potentially attaining full access to the device. Connected sources indicate affected versions are prior to 9.30, but exact vulner...
CVE-2024-25002
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device...
CVE-2023-25002
CVE-2023-25002 concerns a use-after-free vulnerability triggered by a malicious SKP file in Autodesk products. Affected software is Autodesk products that process SKP files (e.g., Autodesk 3ds Max, Navisworks, SKP-related components) per multiple sources in the Connected set. Root cause is a use-...
CVE-2021-25002
| creationtimestamp | type | source |
|---|---|---|
| 2022-05-02 20:28:03+00:00 | seen | https://t.me/cibsecurity/41737... |
CVE-2021-25002
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL...
CVE-2021-25002
CVE-2021-25002 affects the Tipsacarrier WordPress plugin prior to 1.5.0.5. The vulnerability is due to missing authorization checks in certain functions, allowing unauthenticated users to access orders data and potentially retrieve customer PII (full address, name, phone) via a tracking URL. Affe...
CVE-2021-25002 Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client's full address, name and phone via tracking URL...
CVE-2018-25002
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...