18 matches found
UBUNTU-CVE-2018-25306
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...
CVE-2026-25306

creationtimestamp | type | source
---|---|---
2026-03-26 21:03:01+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mhyiuuu3sm2o
2026-04-09 05:30:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mj23blrhm62h...

VulnCheck KEV: CVE-2026-25306
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS. This issue affects XStore Core: from n/a through <= 5.6.4...
CVE-2019-25306

creationtimestamp | type | source
---|---|---
2026-02-12 14:16:18+00:00 | seen | https://bsky.app/profile/postacc.bsky.social/post/3meo6kxhekw2u
2026-02-12 14:23:34+00:00 | seen | https://bsky.app/profile/postacc.bsky.social/post/3meo6xwvnkp2u
2026-02-12 14:32:29+00:00 | seen | ...

CVE-2023-25306
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal...
CVE-2025-25306 Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the id and url fields of ActivityPub objects. An attacker can forge an object where they claim authority in the url field even if the specific ActivityPub...
CVE-2025-25306 Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes
Misskey is an open source, federated social media platform. The patch for CVE-2024-52591 did not sufficiently validate the relation between the id and url fields of ActivityPub objects. An attacker can forge an object where they claim authority in the url field even if the specific ActivityPub...
CVE-2024-25306
CVE-2024-25306 affects Code-projects Simple School Managment System 1.0. The vulnerability is a SQL injection via the aname parameter in School/index.php, caused by lack of input validation. Impact is described as high on confidentiality, integrity, and availability per CVSS 3.1 (AV:N/AC:L/PR:L/...
CVE-2023-25306

creationtimestamp | type | source
---|---|---
2023-06-26 19:13:42+00:00 | seen | https://t.me/cibsecurity/65512...

CVE-2023-25306
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal...
CVE-2023-25306
MultiMC Launcher
CVE-2022-25306

creationtimestamp | type | source
---|---|---
2022-02-24 22:15:12+00:00 | seen | https://t.me/cibsecurity/38054...

CVE-2022-25306 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...
CVE-2022-25306 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...
CVE-2022-25306
The CVE-2022-25306 entry concerns the WordPress WP Statistics plugin. Data from connected docs confirms a Cross-Site Scripting (XSS) vulnerability caused by insufficient escaping/sanitization of the browser parameter in ~/includes/class-wp-statistics-visitor.php, exploitable on pages that display...
CVE-2021-25306
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands...
CVE-2021-25306
CVE-2021-25306 describes a buffer overflow in the AT command interface of Gigaset DX600A v41.00-175 devices. A remote attacker can force a reboot by sending relatively long AT commands. Root cause: overflow in AT command handling. Impact: availability loss (device reboot) with high CVSS v3.1 scor...
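Microsoft Vista Sidebar Contacts and Weather Gadgets Remote Code Execution Vulnerability (MS07-048)
BUGTRAQ ID: 25306,25304 CVECAN ID: CVE-2007-3891,CVE-2007-3032 Vista is the latest operating system released by Microsoft. The Contacts and Weather gadgets in the Vista Sidebar do not perform sufficient validation when parsing certain attributes, so a remote attacker could exploit this vulnerability to take control of the system by enticing the user to perform certain actions. If a user imports a malicious contact file into the Contacts gadget, or clicks a malicious link in the Weather gadget, malicious code could run on the system. Microsoft Windows Vista Workarounds: Uninstall or disable the Weather and Contacts gadgets. Disable the Sidebar in Group Policy or the registry. Modify the access control list on gadget.xml to make it more restrictive:...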