25 matches found
CVE-2026-25077

creationtimestamp| type| source
---|---|---
2026-05-09 05:06:01+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mlfhw52n2w2g...

CVE-2026-25077 Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...
CVE-2023-25077
Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2022-25077
TOTOLink A3100R V4.1.2cu.5050B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2021-25077
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting...
CVE-2018-25077
A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...
CVE-2025-25077
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dugbug Easy Chart Builder for WordPress easy-chart-builder allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through <= 1.3...
CVE-2025-25077

creationtimestamp| type| source
---|---|---
2025-02-07 10:15:51+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhleme22cv2u
2025-02-07 10:30:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113962139077936577...

CVE-2025-25077 WordPress Easy Chart Builder for WordPress plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dugbug Easy Chart Builder for WordPress easy-chart-builder allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through <= 1.3...
CVE-2024-25077

creationtimestamp| type| source
---|---|---
2024-07-10 22:39:34+00:00| seen| https://t.me/cvedetector/589...

CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
CVE-2024-25077
CVE-2024-25077 affects Renesas SmartBond DA14691/DA14695/DA14697/DA14699. The issue: the Nonce used for on-the-fly flash decryption is stored in an unsigned header, allowing modification without invalidating the secure-boot signature. The decryption engine uses AES in CTR mode without authenticat...
CVE-2023-25077
CVE-2023-25077 is a cross-site scripting vulnerability in EC-CUBE’s Authentication Key Settings affecting EC-CUBE 4.0.0–4.0.6-p2, 4.1.0–4.1.2-p1, and 4.2.0. The root cause is an XSS issue in the admin/Authentication Key Settings that allows a remote authenticated attacker to inject arbitrary scri...
JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below.

Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4
CVS...

CVE-2018-25077
CVE-2018-25077 affects melnaron mel-spintax, specifically the lib/spintax.js component. According to the provided documents, the vulnerability is a Regular Expression Denial of Service (ReDoS) caused by inefficient regex complexity in the spintax handling. CVSS 3.1 base score is 7.5 (HIGH) with n...
TOTOLink A3100R Command Injection (CVE-2022-25077)
A command injection vulnerability exists in TOTOLink A3100R. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...