CVE-2026-25168
CVE-2026-25168 is a Windows Graphics Component denial-of-service vulnerability. Exploitation requires local access with low complexity and no user interaction, and can cause an availability impact flagged as HIGH. The CVSSv3.1 score is 6.2 (MEDIUM overall) with an exploit that is unproven and rem...
CVE-2026-25168
creationtimestamp | type | source
---|---|---
2026-03-10 16:57:37+00:00 | seen | https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review
2026-03-10 19:07:55+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0080
2026-03-11 03:00:16+00:00 | seen | ...
CVE-2018-25168
Precurio Intranet Portal 2.0 contains a Cross-Site Request Forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by submitting crafted POST requests to the /public/admin/user/submitnew endpoint without CSRF tokens. The issue stems from missing CSRF pro...
CVE-2021-25168
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function...
CVE-2025-25168
Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7...
CVE-2025-25168 WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7...
CVE-2025-25168 WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Black and White BookPress – For Book Authors book-press allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7...
CVE-2025-25168
CVE-2025-25168: CSRF to Stored XSS in BookPress – For Book Authors (WordPress plugin) affecting versions up to 1.2.7. The initial description states CSRF enables XSS, but does not provide specific exploit details. Connected documents (Wordfence, NVD, Patchstack) indicate patch status as Unpatched...
CVE-2024-25168
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...
CVE-2024-25168
Snow Snow v2.0.0 is affected by a SQL injection in the dataScope parameter of the system/role/list interface, enabling a remote attacker to execute arbitrary code. The root cause is input handling in that endpoint, allowing injectable SQL statements. Documented impact is remote code execution wit...
CVE-2023-25168
CVE-2023-25168 affects Pterodactyl Wings (server control plane). Description: UNIX Symbolic Link (Symlink) Following enables deletion of files/directories on the host when a server is allocated; may be used with GHSA-p8r3-83r8-jwj5 to overwrite host files. Root cause: symbolic link handling in Wi...
Security Bulletin: IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2022-25168)
Summary: A security vulnerability has been identified in the IBM Spectrum Scale GPFS Hadoop connector which could allow a local authenticated attacker to execute arbitrary commands on the system. Fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2022-25168. DESCRIPTION: Apach...
Security Bulletin: Vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis (CVE-2022-26612, CVE-2022-25168)
Summary: Multiple vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are listed in the Vulnerability Details section. Vulnerability Details: CVEID: CVE-2022-26612. DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypas...
CVE-2022-25168
A flaw was found in the hadoop-common package. This flaw allows an attacker to benefit from command injection using the org.apache.hadoop.fs.FileUtil.unTarUsingTar function...
ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.28.0), com.4paradigm.openmldb:openmldb-taskmanager (>=0.4.2 <=0.6.2) +398 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=2.0.4-alpha <=2.10.1)
org.apache.hadoop:hadoop-common MAVEN version =2.0.4-alpha, =0.18.5, =0.4.2, =2.0.29.2, =0.3.0, =0.3.0, =2.10.6.9, =3.0.0, =3.0.0, =0.24.0, =0.24.0, =0.24.0, =0.24.0, =0.19.3, =0.19.3, =0.26.0 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...
ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10) +647 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=3.3.0 <=3.3.2)
org.apache.hadoop:hadoop-common MAVEN version =3.3.0, =1.0.6, =1.0.6, =1.1, =1.1.1, =0.13.0, =0.2.7, =0.2.7, =0.6.1.2, =1.0.0, =1.0.0, =0.2.2, =1.0.0, =1.0.0, =0.2.2, =0.4.1 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...
ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.chronon:aggregator_2.12 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +1329 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=3.0.0-alpha1 <=3.2.3)
org.apache.hadoop:hadoop-common MAVEN version =3.0.0-alpha1, =1.0.1, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.2, =0.1.7, =3.34.0.3-1-3.1, =0.0.3, =1.0.0, =1.8.0 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...