19 matches found
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which...
CVE-2026-25369
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Reflected XSS. This issue affects Flexmls® IDX: from n/a through <= 3.15.9...
CVE-2019-25369 OPNsense 19.1 Stored XSS via system_advanced_sysctl.php
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context o...
CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have...
CVE-2022-25369
CVE-2022-25369 (Dynamicweb) affects Dynamicweb versions before 9.12.8, where an unauthenticated attacker can create a new administrator account due to a logic flaw in setup phase checks. After becoming the newly created admin, the attacker can upload an executable and achieve command execution (r...
CVE-2025-25369
creationtimestamp| type| source
---|---|---
2025-02-26 12:23:35+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/15630
2025-02-26 16:00:08+00:00| published-proof-of-concept| Telegram/eal9Ra0ypGkEhYFNQI-UasMXMNQG9dqnJsA3nKGQdMfgq1c
2025-02-26 17:43:25+00:00| seen|...
CVE-2024-25369
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via crafted string after the group_id parameter...
CVE-2024-25369
A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via crafted string after the group_id parameter...
CVE-2024-25369
This CVE concerns FUEL CMS 1.5.2, where a reflected XSS flaw exists in the group_id parameter that can allow an attacker to execute arbitrary code. The descriptions consistently attribute the issue to FUEL CMS 1.5.2 and do not provide concrete mitigation steps or a confirmed patched version withi...
VulnCheck KEV: CVE-2022-25369
Dynamicweb logic flaw remote code execution...
CVE-2023-25369
CVE-2023-25369 affects Siglent SDS 1104X-E (SDS1xx4X-E_V6.1.37R9.ADS). The vulnerability is a Denial of Service on the device UI triggered by a malformed SCPI command. Exploitation details are not provided in the supplied documents, and no active exploit is described here. Impact is UI unavailabi...
CVE-2023-25369
Siglent SDS 1104X-E (SDS1xx4X-E_V6.1.37R9.ADS) is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command...
CVE-2023-25369
Siglent SDS 1104X-E (SDS1xx4X-E_V6.1.37R9.ADS) is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command...
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...
Samsung Mobile Devices Memory Corruption Vulnerability
Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...
CVE-2021-25369
creationtimestamp| type| source
---|---|---
2022-11-04 15:50:00+00:00| seen| https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
2022-11-05 13:30:01+00:00| exploited| https://t.me/CyberSecurityTechnologies/7108
2022-11-10 13:21:36+00:00|...
CVE-2022-25369
creationtimestamp| type| source
---|---|---
2022-02-25 11:05:15+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/5488
2025-06-04 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-06-04
2025-06-06 00:00:00+00:00| exploited| The...
CVE-2021-25369
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace...
CVE-2021-25369
CVE-2021-25369 is an information-leak vulnerability in the Samsung device stack, uncovered as part of a three-vulnerability exploit chain. The issue resides in an improper access control of the sec_log file, exposing kernel information to userspace prior to Samsung’s SMR MAR-2021 Release 1. The l...