13 matches found
CVE-2018-25325
creationtimestamp | type | source
---|---|---
2026-05-17 14:37:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mm2lm36p7j2c...
CVE-2019-25325
creationtimestamp | type | source
---|---|---
2026-02-13 21:03:01+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3merfr4ybbx2h...
CVE-2019-25325 Thrive Smart Home 1.1 - 'Smart Home' Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1 to manipulate login queries and gain...
EUVD-2022-29929
Malicious code in bioql PyPI...
CVE-2022-25325
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One v4.60 suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230...
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...
CVE-2024-25325
SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php...
CVE-2024-25325
The CVE-2024-25325 entry describes a SQL injection in the Employee Management System v1.0, exploitable via a crafted payload to the txtemail parameter in login.php. This is a local vulnerability that could allow an attacker to obtain sensitive information. The provided connected documents confirm...
CVE-2022-25325
Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One v4.60 suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230...
CVE-2022-25325
CX-Programmer (part of CX-One v4.60) contains a Use-After-Free (CWE-416) in CX-Programmer v9.76.1 and earlier, triggered by opening a specially crafted CXP file, leading to information disclosure and/or arbitrary code execution. The vulnerability is corroborated by multiple sources (e.g., JVNDB-2...
CVE-2021-25325
creationtimestamp | type | source
---|---|---
2021-01-19 18:56:10+00:00 | seen | https://t.me/cibsecurity/22272...
CVE-2021-25325
CVE-2021-25325 affects MISP 2.4.136. It enables cross-site scripting via galaxy cluster element values sent to app/View/GalaxyElements/ajax/index.ctp, where reference types may include javascript: URLs. The issue arises from unsanitized input in galaxy elements, enabling an attacker to execute sc...
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs...