23 matches found
CVE-2026-25105
creationtimestamp| type| source ---|---|--- 2026-02-26 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10 2026-02-27 04:06:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfsthqxb3y2o 2026-02-27 04:33:26+00:00| seen|...
CVE-2020-25105
eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token createHash has only a million possibilities...
CVE-2019-25105
A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. Thi...
CVE-2025-25105
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in coffeestudios Pop Up popup-seo-optimized allows Stored XSS.This issue affects Pop Up: from n/a through = 0.1...
CVE-2025-25105
creationtimestamp| type| source ---|---|--- 2025-02-07 10:16:41+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhlenttewq27 2025-02-07 11:45:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113962434384817299...
CVE-2025-25105
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in coffeestudios Pop Up popup-seo-optimized allows Stored XSS.This issue affects Pop Up: from n/a through = 0.1...
CVE-2025-25105 WordPress Pop Up Plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in coffeestudios Pop Up popup-seo-optimized allows Stored XSS.This issue affects Pop Up: from n/a through = 0.1...
CVE-2025-25105 WordPress Pop Up Plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1...
CVE-2018-25105 File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary file...
CVE-2023-25105
creationtimestamp| type| source ---|---|--- 2023-07-06 18:20:43+00:00| seen| https://t.me/cibsecurity/66099...
CVE-2023-25105
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25105
CVE-2023-25105 concerns Milesight UR32L v32.3.0.5 where the vtysh_ubus binary contains a buffer overflow due to an unsafe sprintf pattern. Talos-affiliated analysis documents multiple vulnerable code paths (set_ike_profile, various vtysh_ubus handlers) that construct commands via sprintf with use...
CVE-2023-25105
Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2019-25105
creationtimestamp| type| source ---|---|--- 2023-02-26 14:27:10+00:00| seen| https://t.me/cibsecurity/58905...
CVE-2019-25105
CVE-2019-25105 affects the PHP project dro.pm, with vulnerability in an unknown part of the file web/fileman.php . The issue arises from manipulating the secret/key parameter, leading to cross-site scripting (XSS) . Exploitation is described as remote, and no versioning is used by the product, so...
CVE-2019-25105 dro.pm fileman.php cross site scripting
A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. Thi...
CVE-2021-25105
creationtimestamp| type| source ---|---|--- 2022-02-07 18:35:04+00:00| seen| https://t.me/cibsecurity/36950...
CVE-2021-25105
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-25105
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-25105
The CVE-2021-25105 entry concerns the WordPress Ivory Search plugin prior to version 5.4.1, where Form settings are not properly escaped, enabling stored XSS by high-privilege users even when unfiltered_html is disallowed. Affected component: Ivory Search’s admin form handling (Form settings). Do...