27 matches found
CVE-2020-25079
creationtimestamp| type| source ---|---|--- 2025-08-05 20:02:35+00:00| seen| https://bsky.app/profile/pigondrugs.bsky.social/post/3lvoiubpns42l 2025-08-05 20:50:10+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/4529445 2025-08-06 09:23:33+00:00| seen|...
VulnCheck KEV: CVE-2020-25079
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...
CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2021-25079
The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page...
CVE-2025-25079
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...
CVE-2025-25079
creationtimestamp| type| source ---|---|--- 2025-02-07 10:15:56+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhlemily6s25 2025-02-07 10:45:42+00:00| seen| https://infosec.exchange/users/cve/statuses/113962198095321727...
CVE-2025-25079
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...
CVE-2025-25079 WordPress Simple Select All Text Box plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...
CVE-2025-25079 WordPress Simple Select All Text Box plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Garrett Grimm Simple Select All Text Box simple-select-all-text-box allows Stored XSS.This issue affects Simple Select All Text Box: from n/a through = 3.2...
CVE-2025-25079
CVE-2025-25079 describes a Stored XSS in the WordPress plugin Simple Select All Text Box (versions up to 3.2). The vulnerability arises from improper input neutralization during web page generation, enabling attacker-supplied scripts to be stored and delivered to users. The initial records and co...
CVE-2024-25079
CVE-2024-25079 affects InsydeH2O kernel (Insyde InsydeH2O) with a memory corruption in HddPassword that could lead to SMM privilege escalation. Affected versions and fixed targets per PT-2024-20730/CDS: 5.2 before 05.29.09 → update to 05.29.09 or later; 5.3 before 05.38.09 → update to 05.38.09 or...
CVE-2024-25079
A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM...
@chenng/recognition (=1.0.0), @evelaguti/uberocr (>=0.0.1 <=0.0.3) +71 more potentially affected by CVE-2018-25079 via is-url (>=0.1.0 <=1.2.2)
is-url NPM version =0.1.0, =0.0.1, =1.0.1, =0.4.0, =0.1.1, =0.1.0, =0.0.4, =0.0.1, =1.0.5, =0.4.0, =0.4.0, =0.1.0, =0.1.4 and more Source cves: CVE-2018-25079 Source advisory: OSV:GHSA-P9W8-2MPQ-49H9...
CVE-2018-25079
The CVE-2018-25079 entry concerns Segmentio is-url up to version 1.2.2. The issue is in an unknown function within index.js that causes inefficient regular expression complexity (redos). Impact is remote exploitation with potential denial of service risk (high availability impact) as per the CVSS...
TOTOLink A860R Command Injection (CVE-2022-25076; CVE-2022-25078; CVE-2022-25079; CVE-2022-25080; CVE-2022-25081; CVE-2022-25082; CVE-2022-25083; CVE-2022-25084)
A command injection vulnerability exists in TOTOLink A860R. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-25079
creationtimestamp| type| source ---|---|--- 2022-02-24 18:14:45+00:00| seen| https://t.me/cibsecurity/37994...
CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25079
TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-25079
CVE-2022-25079 affects TOTOLink A810R firmware version 4.1.2cu.5182_B20201026. The issue is described as a command injection in the router’s Main function, allowing an attacker to execute arbitrary commands through the QUERY_STRING parameter. Multiple sources corroborate a remote, unauthenticated...
CVE-2021-25079 Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting
The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page...