22 matches found
CVE-2018-25395
Kados R10 GreenBee is affected by an SQL injection via boards_buttons/update_feature.php in the feature_id parameter. The feature_id is concatenated directly into SQL statements without sanitization, enabling unauthenticated attackers to send crafted GET requests (including UNION-based payloads) ...
CVE-2026-25395
Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business Roy: from n/a through <= 1.1.4...
CVE-2024-25395
A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2...
CVE-2023-25395
TOTOlink A7100RU V7.4cu.2313B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules...
CVE-2021-25395
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised...
CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link device...
CVE-2021-25395
creationtimestamp| type| source
---|---|---
2023-06-29 18:10:02+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2023-11-10 21:46:40+00:00| seen| https://t.me/arpsyndicate/60
2024-12-24 20:34:45+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971844
2025-02-14 21:08:32+00:00| seen...
CVE-2023-25395
creationtimestamp| type| source
---|---|---
2023-03-08 16:23:28+00:00| seen| https://t.me/cibsecurity/59667...
CVE-2023-25395
The CVE-2023-25395 issue affects the Totolink A7100RU running 7.4cu.2313_B20191024, with a command injection path via the ou parameter at /setting/delStaticDhcpRules. The data in connected docs confirms a likely remote command injection in the API endpoint, impacting router OS. No exploitation de...
CVE-2022-25395
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app...
CVE-2022-25395
CVE-2022-25395 affects the product “Cosmetics and Beauty Product Online Store v1.0.” The vulnerability is a multiple reflected cross-site scripting (XSS) flaw triggered via the search parameter in the /cbpos/ application. The issue enables injection of script through the search input, with high-i...
CVE-2021-25395
CVE-2021-25395 describes a race condition in Samsung MFC charger driver prior to SMR MAY-2021 Release 1 that allows a local attacker with compromised radio privileges to bypass signature checks, impacting confidentiality, integrity, and availability. The vulnerability affects Samsung mobile devic...
CVE-2021-25395
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Recent assessments: Assessed Attacker Value: 0...
Trend Micro ServerProtect RPCFN_CMON_SetSvcImpersonateUser buffer overflow
Added: 12/28/2007 | CVE: CVE-2007-4218 | BID: 25395 | OSVDB: 39752
Background: Trend Micro ServerProtect is a virus scanner for servers.
Problem: A buffer overflow in the ServerProtect service allows remote attackers to execute arbitrary commands by sending a specially crafted RPC request which is...
Trend Micro ServerProtect SpntSvc RPC buffer overflow
Added: 09/21/2007 | CVE: CVE-2007-4218 | BID: 25395 | OSVDB: 39753
Background: ServerProtect is a virus scanner for servers. The Trend Micro ServerProtect service SpntSvc.exe handles RPC requests on port 5168/TCP.
Problem: Buffer overflow vulnerabilities in the Trend Micro ServerProtect service allow...