36 matches found
CVE-2026-25059

creationtimestamp | type | source
---|---|---
2026-01-31 13:10:35+00:00 | published-proof-of-concept | https://github.com/OpenListTeam/OpenList/security/advisories/GHSA-qmj2-8r24-xxcq
2026-02-02 23:20:08+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdvyc6lr632r...

Intel® OFU Software Advisory
Summary: Potential security vulnerabilities for some Intel® One Boot Flash Update (Intel® OFU) software may allow escalation of privilege. Intel is not releasing updates to mitigate these potential vulnerabilities and has issued a product discontinuation notice for Intel® OFU software. Vulnerabilit...
CVE-2021-25059
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...
Linux Distros Unpatched Vulnerability : CVE-2019-25059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. CVE-2019-25059 Note that Ness...
RHEL 8 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ghostscript: Mishandling of .completefont incomplete fix for CVE-2019-3839 CVE-2019-25059 - In Artifex...
RHEL 9 : ghostscript (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ghostscript: Mishandling of .completefont incomplete fix for CVE-2019-3839 CVE-2019-25059 Note that Nessus has not...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2023-1705)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.0 : ghostscript (EulerOS-SA-2023-1705)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for...
CVE-2023-25059

creationtimestamp | type | source
---|---|---
2023-04-07 12:27:49+00:00 | seen | https://t.me/cibsecurity/61647...

CVE-2023-25059 WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions...
CVE-2023-25059
CVE-2023-25059 affects the avalex WordPress plugin (versions ≤ 3.0.3). The vulnerability is a Stored Cross-Site Scripting (XSS) that requires authentication with admin+ privileges and is exploitable via user interaction. The underlying issue relates to insufficient input cleanup/output escaping i...
Amazon Linux 2 : ghostscript (ALAS-2023-2003)
The version of ghostscript installed on the remote host is prior to 9.25-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2003 advisory. Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-383...
Low: ghostscript
Issue Overview: Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. (CVE-2019-25059)
Affected Packages: ghostscript
Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS)

Field | Value
---|---
Software | avalex
Type | Plugin
Vulnerable versions | <= 3.0.3
Fixed in | 3.0.4
OWASP Top 10 | A7: Cross-Site Scripting (XSS)
Classification | Cross Site Scripting (XSS)
CVE | CVE-2023-25059
Patch priority | Low
CVSS severity | Low (5.9)
Developer | Claim ownership
PSID | b6fadb6b447f
Credits | Rio Darmawan
Required privilege | ...

CVE-2018-25059

creationtimestamp | type | source
---|---|---
2022-12-30 14:14:01+00:00 | seen | https://t.me/cibsecurity/55552...

CVE-2018-25059
CVE-2018-25059 affects pastebinit up to 0.2.2. The vulnerability is in the pasteHandler function of server.go, where modifying the r.URL.Path enables path traversal. A fix is available in pastebinit 0.2.3, with patch 1af2facb6d95976c532b7f8f82747d454a092272. Advises upgrading the affected compone...
CVE-2021-25059

creationtimestamp | type | source
---|---|---
2022-11-28 16:27:55+00:00 | seen | https://t.me/cibsecurity/53562...

CVE-2021-25059
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...
CVE-2021-25059 Download Plugin < 2.0.0 - Subscriber+ Website Download
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...
CVE-2021-25059
The CVE concerns the WordPress Download Plugin before 2.0.0, where the plugin fails to properly validate a user’s privileges to access a backup nonce identifier. This privilege validation flaw could let any logged-in user with an account (e.g., a Subscriber) download a full copy of the website. A...