21 matches found
CVE-2026-25172
creationtimestamp | type | source
---|---|---
2026-03-10 16:57:37+00:00 | seen | https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review
2026-03-10 19:07:55+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0080
2026-03-11 03:00:16+00:00 | seen | ...
March 13, 2026—Hotpatch KB5084597 (OS Builds 26200.7982 and 26100.7982) Out-of-band
March 13, 2026—Hotpatch KB5084597 (OS Builds 26200.7982 and 26100.7982) Out-of-band. This update for Windows 11, version 25H2 and 24H2 (KB5084597) includes security improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band (OOB) updates, an...
CVE-2018-25172
creationtimestamp | type | source
---|---|---
2026-03-06 14:17:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgfiukdaht2n...
WordPress VidMov Theme <= 1.9.4 is vulnerable to Local File Inclusion
Software: VidMov; Type: Theme; Vulnerable versions: <= 1.9.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-25172; Patch priority: High; CVSS severity: High (8.1); PSID: 14a25e16a9b7; Credits: Bonds; Required privilege: Unauthenticated; Published 2...
CVE-2023-25172
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on sites with a disabled o...
Discourse 3.1.x < 3.1.0.beta2 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...
CVE-2023-25172
creationtimestamp | type | source
---|---|---
2023-03-17 19:31:41+00:00 | seen | https://t.me/cibsecurity/60259...
CVE-2023-25172 Discourse vulnerable to Cross-site Scripting - user name displayed on post
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on sites with a disabled o...
CVE-2023-25172
Discourse exposes a cross-site scripting (XSS) vulnerability when a malicious URL is placed in a user’s full name field in vulnerable branches. Affected versions are prior to Discourse 3.0.1 (stable) and 3.1.0.beta2 (beta/tests-passed). The root cause is an XSS payload in the full name field that...
CVE-2022-25172
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the sessi...
CVE-2022-25172
The CVE-2022-25172 issue affects InHand Networks InRouter302 (v3.5.4): the web interface session cookie is missing the HttpOnly flag, enabling JavaScript access and exposing the session cookie via XSS. TALOS details confirm this information disclosure vulnerability and show tested version 3.5.4; ...
CVE-2021-25172
creationtimestamp | type | source
---|---|---
2021-02-08 22:39:45+00:00 | seen | https://t.me/cibsecurity/23246...
CVE-2021-25172
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function...
CVE-2021-25172
The CVE-2021-25172 entry affects HPE Apollo 70 System BMC firmware, where the libifc.so websetdefaultlangcfg function is vulnerable to command injection in versions prior to 3.0.14.0. Root cause: vulnerable websetdefaultlangcfg implementation in libifc.so. Impact: potential local command executio...
CVE-2021-25172
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function...
CVE-2020-25172
creationtimestamp | type | source
---|---|---
2020-11-06 20:51:16+00:00 | seen | https://t.me/cibsecurity/15990...
CVE-2020-25172
CVE-2020-25172 refers to a relative path traversal vulnerability in the B. Braun OnlineSuite, affecting AP 3.0 and earlier. The issue allows unauthenticated attackers to upload or download arbitrary files via the vulnerable component/file handling. The CVSS base scores (v3.1: 9.8 CRITICAL; v2.0: ...
CVE-2020-25172 B. Braun OnlineSuite
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files...
B. Braun OnlineSuite
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B. Braun Melsungen AG Equipment: OnlineSuite Vulnerabilities: Relative Path Traversal, Uncontrolled Search Path Element, Improper Neutralization of Formula Elements in a CSV File 2. RISK...
CVE-2019-25172
...