CVE-2026-25364 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.8...

CVE-2025-25364

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...

CVE-2025-25364

CVE-2025-25364 affects Speedify VPN up to v15.0.0 and is caused by a command injection flaw in the me.connectify.SMJobBlessHelper XPC service. The vulnerability arises from improper input validation in the XPC interface, enabling local privilege escalation to root. PT-Security reports the issue i...

CVE-2025-25364

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges...

CVE-2022-25364

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as par...

CVE-2021-25364

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...

CVE-2023-25364

Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks...

CVE-2022-25364

creationtimestamp| type| source ---|---|--- 2022-03-17 19:26:40+00:00| seen| https://t.me/cibsecurity/39152...

CVE-2022-25364

CVE-2022-25364 concerns Gradle Enterprise prior to 2021.4.2, where the default built-in build cache configuration allowed anonymous write access. If not manually changed, a network-accessible build cache could be populated with manipulated entries that execute malicious code during a build. As of...

CVE-2021-25364

A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information...

CVE-2021-25364

CVE-2021-25364 affects Samsung Secure Folder prior to SMR APR-2021 Release 1, where a pendingIntent hijacking issue allows unprivileged apps to access contact information. The vulnerability is linked to Secure Folder’s handling of PendingIntents and exposes contact data locally. Affected software...

NETGEAR R7800 Command Injection Vulnerability (CNVD-2020-25364)

The NETGEAR R7800 is a router from NETGEAR. The NETGEAR R7800 suffers from a command injection vulnerability that can be exploited by an attacker to compromise confidentiality, integrity, and availability...