CVE-2026-25086

creationtimestamp| type| source ---|---|--- 2026-03-19 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-078-08 2026-03-21 23:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhm54n4dr32h...

CVE-2024-25086

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code...

CVE-2025-25086

Cross-Site Request Forgery CSRF vulnerability in WPDeveloper Secret Meta facebook-secret-meta allows Reflected XSS.This issue affects Secret Meta: from n/a through = 1.2.1...

CVE-2025-25086 WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPDeveloper Secret Meta facebook-secret-meta allows Reflected XSS.This issue affects Secret Meta: from n/a through = 1.2.1...

CVE-2025-25086 WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPDeveloper Secret Meta facebook-secret-meta allows Reflected XSS.This issue affects Secret Meta: from n/a through = 1.2.1...

CVE-2025-25086

CVE-2025-25086 is a CSRF-induced Reflected XSS in the WordPress plugin WPDeveloper Secret Meta, affecting Secret Meta versions up to 1.2.1 (inclusive). The Initial Description confirms the flaw type and affected range; connected sources corroborate a CSRF/Reflected XSS pattern but do not provide ...

CVE-2024-25086

Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code...

CVE-2024-25086

CVE-2024-25086 affects Jungo WinDriver pre-12.2.0. The issue is improper privilege management (CWE-269), enabling a local attacker to escalate privileges and execute arbitrary code. Affected: Jungo WinDriver versions before 12.2.0. Impact: local privilege escalation and code execution; no remote ...

CVE-2023-25086

creationtimestamp| type| source ---|---|--- 2023-07-06 18:20:27+00:00| seen| https://t.me/cibsecurity/66086...

CVE-2023-25086

CVE-2023-25086 is a buffer-overflow vulnerability in Milesight UR32L v32.3.0.5, triggered in the vtysh_ubus binary under the firewall_handler_set function (and related code paths) where user-controlled data is fed into unsafe sprintf calls (e.g., using index, dport, ip, mac, description, etc.). A...

CVE-2018-25086

The CVE-2018-25086 issue affects sea75300 FanPress CM versions up to 3.6.3, specifically the Template Preview component and its getArticlesPreview function in inc/controller/action/system/templatepreview.php, which allows cross-site scripting. The vulnerability can be triggered remotely and is ad...

CVE-2019-25086

creationtimestamp| type| source ---|---|--- 2022-12-27 12:23:10+00:00| seen| https://t.me/cibsecurity/55385...

CVE-2019-25086

The CVE-2019-25086 entry describes a cross-site scripting (XSS) vulnerability in IET-OU Open Media Player up to version 1.5.0, affected by the webvtt function in application/controllers/timedtext.php. Manipulating the ttml_url parameter enables remote XSS. A fix is available in version 1.5.1, wit...

CVE-2021-25086

creationtimestamp| type| source ---|---|--- 2022-05-02 20:28:20+00:00| seen| https://t.me/cibsecurity/41749...

CVE-2021-25086 Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting

The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it...

CVE-2021-25086

CVE-2021-25086 affects the WordPress plugin Advanced Page Visit Counter, prior to version 6.1.2. The issue is an unauthenticated Cross-Site Scripting (XSS) vulnerability caused by insufficient sanitisation/escaping of input before it is output in the admin dashboard. Impacted action is viewing th...

CVE-2020-25086

CVE-2020-25086 affects Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, where the vulnerability resides in application/modules/admin/views/advanced_settings/adminUsers.php. The root cause described across connected records is lack of proper validation of client-side data, enabling cross-site ...

CVE-2020-25086

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advancedsettings/adminUsers.php...

Yahoo! Widgets ActiveX control GetComponentVersion buffer overflow

Added: 08/03/2007 CVE: CVE-2007-4034 BID: 25086 OSVDB: 37705 Background Yahoo! Widgets is desktop software which runs any number of small, real-time, Internet applications called widgets. Problem A buffer overflow vulnerability in the YDPCTL ActiveX Control allows command execution when a user...