16 matches found
CVE-2026-25276
Memory corruption while using Strongbox due to missing bounds check...
CVE-2026-25276
creationtimestamp| type| source
---|---|---
2026-06-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities20260602
2026-06-02 01:32:52+00:00| seen| https://infosec.exchange/users/offseq/statuses/116677923791061052
2026-06-02 17:37:06+00:00| seen|...
CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files x86\Rockwell Software\FactoryTalk...
CVE-2020-25276
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...
CVE-2025-25276 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can hijack other users' devices and potentially control them...
CVE-2025-25276
creationtimestamp| type| source
---|---|---
2025-04-15 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04...
SolarWinds Serv-U 15.2.0 < 15.2.3
The version of SolarWinds Serv-U installed on the remote host is prior to 15.2.2 HF1. It is, therefore, affected by a vulnerability as referenced in the serv-u1522hf1 advisory. - In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users'...
CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
CVE-2022-25276
The CVE-2022-25276 issue affects Drupal’s Media oEmbed iframe route, where iframe domain validation is insufficient, causing embeds to render in the context of the primary domain. This misvalidation can lead to cross-site scripting, leaked cookies, or other vulnerabilities under certain circumsta...
CVE-2022-25276
creationtimestamp| type| source
---|---|---
2022-07-25 08:03:21+00:00| seen| https://t.me/codebysec/6298
2022-07-31 01:47:01+00:00| seen| https://t.me/MrVGunz/360
2023-04-26 18:25:59+00:00| seen| https://t.me/cibsecurity/62902...
CVE-2021-25276
In SolarWinds Serv-U before 15.2.2 Hotfix 1, a directory containing user profile files (including password hashes) is world-readable/writable. An unprivileged Windows user with filesystem access can copy a valid profile to that directory to create an FTP user, potentially gaining read/replace acc...
CVE-2021-25276
creationtimestamp| type| source
---|---|---
2021-02-03 12:13:53+00:00| published-proof-of-concept| https://t.me/cKure/3819
2021-02-03 14:17:05+00:00| published-proof-of-concept| https://t.me/truesecator/1393
2021-02-08 09:06:04+00:00| seen| MISP/431b5ce3-4f3f-41ac-8d0d-3f30772012ff...
CVE-2020-25276
PrimeKey EJBCA 6.x and 7.x prior to 7.4.1 is affected. When enrolling via EST using a client certificate, revocation checks are not performed on that certificate, only impacting systems with EST configured and where the revoked certificate is in a role authorized to enroll new end entities. Remed...