13 matches found
CVE-2019-25299
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or...
Linux Distros Unpatched Vulnerability : CVE-2022-25299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload method may enable attackers to write...
Linux Distros Unpatched Vulnerability : CVE-2025-25299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was...
CVE-2021-25299
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session...
CVE-2025-25299
creationtimestamp | type | source
---|---|---
2025-02-20 23:01:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3linfhqq2ds2p
2025-02-20 23:12:09+00:00 | seen | https://t.me/cvedetector/18602...
@authorium/ckeditor5-build-multi-root (>=41.3.1 <=41.4.2), @eagerworks/ckeditor5-build-multi-root (>=41.4.2 <=41.4.2-auth.3) +8 more potentially affected by CVE-2025-25299 via @ckeditor/ckeditor5-real-time-collaboration (>=41.3.1 <=44.2.1-alpha.0)
@ckeditor/ckeditor5-real-time-collaboration NPM version =41.3.1, =41.3.1, =41.4.2, =1.0.1, =4.0.45, =18.0.20, =0.0.8, =41.4.0, =1.0.8, =1.0.10 - htmljs-code =44.0.30 - markdownvue3demo =0.0.1 Source cves: CVE-2025-25299 Source advisory: OSV:GHSA-J3MM-WMFM-MWVH...
CVE-2025-25299
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...
CVE-2025-25299 Cross-site scripting (XSS) in the real-time collaboration package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...
CVE-2022-25299
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload method may enable attackers to write files to arbitrary locations outside the designated target folder...
CVE-2022-25299
CVE-2022-25299 affects the cesanta/mongoose package before 7.6. The root cause is unsafe handling of file names during upload via mg_http_upload(), which may allow attackers to write files to arbitrary locations outside the designated target folder. No remediation details are provided in the conn...
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-25299
creationtimestamp | type | source
---|---|---
2021-02-15 16:46:42+00:00 | seen | https://t.me/cibsecurity/23592
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-25299.yaml...
CVE-2021-25299
Nagios XI 5.7.5 is affected by a cross-site scripting (XSS) vulnerability in /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A malicious URL can steal an admin’s session cookies and may be chained with earlier bugs to achieve one-click remote comm...