20 matches found
CVE-2026-25205

creationtimestamp | type | source
---|---|---
2026-04-13 05:45:59+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mje5zn6par27
2026-04-13 07:18:01+00:00 | published-proof-of-concept | Telegram/WZFVHGgaKyJ7TxaSM0HnzDZsEpM2ufMQ-E7g3YgMqDv7PE...

CVE-2026-25205
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335...
CVE-2018-25205
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
CVE-2022-25205
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance...
CVE-2025-25205
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...
CVE-2025-25205

creationtimestamp | type | source
---|---|---
2025-02-12 18:18:47+00:00 | seen | https://infosec.exchange/users/cve/statuses/113992291274845967
2025-02-12 19:15:54+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyv4n35zi2a
2025-02-12 20:48:42+00:00 | seen | ...

CVE-2025-25205
CVE-2025-25205 affects Audiobookshelf (self-hosted server) versions 2.17.0 through 2.19.0. A flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored URL-regex patterns (e.g., r=/api/items/1/cover), enabling partial bypass of authentication and, on some ...
CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...
CVE-2022-25205
CVE-2022-25205 concerns Jenkins dbCharts Plugin versions ≤ 0.5.2. The vulnerability is a CSRF flaw in a form validation method that allows an attacker with Item/Configure or Overall/Read permissions to trigger actions across the Jenkins controller: it can instruct Jenkins to connect to an attacke...
Mimosa PTP Devices Stored Cross Site Scripting (CVE-2020-25205)
A cross-site scripting vulnerability exists in Mimosa PTP Devices. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
CVE-2021-25205

creationtimestamp | type | source
---|---|---
2021-07-23 00:36:49+00:00 | seen | https://t.me/cibsecurity/26424...

CVE-2021-25205
The CVE-2021-25205 entry concerns a SQL injection in SourceCodester E-Commerce Website V1.0. The vulnerability occurs in empViewUpdate.php via the update parameter, allowing remote attackers to execute arbitrary SQL statements. Connected documents consistently identify the affected software as So...
CVE-2020-25205
The CVE-2020-25205 vulnerability affects Mimosa PTP/M5/M5c/C5x firmware up to version 2.8.0.2. It is a stored cross-site scripting flaw in the web console’s set_banner() function located at /var/www/core/controller/index.php. An unauthenticated attacker can write arbitrary JavaScript to /mnt/jffs...
CVE-2019-25205
...
CVE-2019-25205
CVE-2019-25205 entry is rejected/not used and does not represent an active vulnerability.