29 matches found
CVE-2022-25095
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request...
CVE-2021-25095
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2locationcountryblockersaverules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of them at once, preventing...
CVE-2020-25095
LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable P...
CVE-2019-25095
A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address...
CVE-2025-25095
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reverbnationdev ReverbNation Widgets reverbnation-widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1...
CVE-2025-25095 WordPress ReverbNation Widgets plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reverbnationdev ReverbNation Widgets reverbnation-widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1...
CVE-2025-25095
CVE-2025-25095 concerns the WordPress plugin ReverbNation Widgets. The available connected documentation confirms an XSS risk (Stored XSS) caused by improper neutralization of input during web page generation. Affected software is ReverbNation Widgets up to version 2.1 (versions n/a–2.1 noted in ...
CVE-2025-25095 WordPress ReverbNation Widgets plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1...
CVE-2024-25095
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...
CVE-2024-25095 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0...
WordPress Easy Forms for Mailchimp Plugin <= 6.9.0 is vulnerable to Sensitive Data Exposure
Software: Easy Forms for Mailchimp
Type: Plugin
Vulnerable versions: <= 6.9.0
Fixed in: N/A
OWASP Top 10: A9: Security Logging and Monitoring Failures
Classification: Sensitive Data Exposure
CVE: CVE-2024-25095
Patch priority: Low
CVSS severity: Low 7.5
PSID: 268130a7347a
Credits...
CVE-2018-25095
creationtimestamp | type | source
---|---|---
2024-01-08 20:26:50+00:00 | seen | https://t.me/ctinow/164594
2024-01-11 21:17:17+00:00 | seen | https://t.me/ctinow/166843
2024-01-25 15:11:23+00:00 | seen | https://t.me/ctinow/173483
...
CVE-2018-25095
CVE-2018-25095 affects the Duplicator WordPress plugin prior to 1.3.0. The vulnerability arises from the installer script not properly escaping values when replacing them in WordPress configuration files, which could allow an attacker to execute arbitrary code on the server if the installer scrip...
CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...
CVE-2023-25095
creationtimestamp | type | source
---|---|---
2023-07-06 18:33:49+00:00 | seen | https://t.me/cibsecurity/66126
...
CVE-2023-25095
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25095
Summary (CVE-2023-25095, Milesight UR32L): Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to unsafe sprintf usage in various vtysh commands (e.g., set_qos, firewall/vpn/openvpn-related paths). An attacker with high privileges can send craf...
CVE-2019-25095
CVE-2019-25095 affects kakwa LdapCherry prior to 1.0.0. The vulnerability is a Cross-Site Scripting flaw stemming from an unknown function in the component URL Handler, enabling remote attack. Upgrading to version 1.0.0 addresses the issue (patch SHA 6f98076281e9452fdb1adcd1bcbb70a6f968ade9). Ven...
CVE-2022-25095
creationtimestamp | type | source
---|---|---
2022-02-26 02:20:54+00:00 | seen | https://t.me/cibsecurity/38156
...