CVE-2018-25271

creationtimestamp| type| source ---|---|--- 2026-04-22 16:52:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk3xhgdodg2n...

CVE-2019-25271 NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations...

CVE-2025-25271

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

CVE-2025-25271

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...

CVE-2025-25271

creationtimestamp| type| source ---|---|--- 2025-07-08 07:09:17+00:00| seen| https://infosec.exchange/users/certvde/statuses/114816355954472736 2025-07-08 07:10:35+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3ltgqm2dg2r72 2025-07-08 09:29:48+00:00| seen|...

CVE-2025-25271

CVE-2025-25271 describes an authentication-related misconfiguration in Phoenix Contact CHARX SEC OCPP implementations where an unauthenticated, network-adjacent attacker can configure a new OCPP backend due to insecure default settings in the configuration interface. Multiple sources (including N...

Fedora 37 : drupal7 (2022-c4334d5277)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c4334d5277 advisory. - 7.92 - 7.91 - SA-CORE-2022-012 / CVE-2022-25275 - 7.90 - 7.89 - 7.88 - SA-CORE-2022-003 / CVE-2022-25271 - 7.87 - 7.86 - SA-CORE-2022-001 /...

Fedora 36 : drupal7 (2022-9d655503ea)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-9d655503ea advisory. - 7.92 - 7.91 - SA-CORE-2022-012 / CVE-2022-25275 - 7.90 - 7.89 - 7.88 - SA-CORE-2022-003 / CVE-2022-25271 - 7.87 - 7.86 - SA-CORE-2022-001 /...

Drupal 9.2.x < 9.2.13 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities: - The Quick Edit module does not properly check entity access in some...

CVE-2022-25271

Removed by vendor...

CVE-2022-25271

The provided materials confirm CVE-2022-25271 affects Drupal core via the form API. The root cause is improper input validation in certain contributed or custom modules’ forms, potentially allowing an attacker to inject disallowed values or overwrite data. Affected forms are described as uncommon...

Drupal 7.x < 7.88 / 9.2.x < 9.2.13 / 9.3.x < 9.3.6 Multiple Vulnerabilities (drupal-2022-02-16)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities. - The Quick Edit module does not properly check entity access in some...

CVE-2021-25271

creationtimestamp| type| source ---|---|--- 2021-10-08 07:39:34+00:00| seen| https://t.me/cibsecurity/30231...

CVE-2021-25271

The CVE-2021-25271 vulnerability affects Sophos HitmanPro prior to Build 318. A local attacker can read or write arbitrary files with administrator privileges due to improper access control, enabling escalation on affected installations. Connected sources consistently reference HitmanPro and Buil...

CVE-2020-25271

The CVE-2020-25271 entry concerns PHPGurukul hospital-management-system-in-php version 4.0, where multiple endpoints (admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, admin/appointment-history.php) expose an XSS vulnerability. Root cause and exact...