17 matches found
CVE-2019-25481 iScripts ReserveLogic Lastest SQL Injection via search endpoint
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...
CVE-2026-25481
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call the pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py introduced to block code...
CVE-2026-25481 Langroid has WAF Bypass Leading to RCE in TableChatAgent
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call the pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py introduced to block code...
CVE-2026-25481
creationtimestamp | type | source
---|---|---
2026-02-01 19:30:38+00:00 | published-proof-of-concept | https://github.com/langroid/langroid/security/advisories/GHSA-x34r-63hx-w57f...
Google Pixel elevation of privilege vulnerability (CNVD-2025-25481)
Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability that an attacker can exploit, which may lead to out-of-bounds writes and local elevation of privilege...
CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...
CVE-2021-25481
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory...
CVE-2023-25481
creationtimestamp | type | source
---|---|---
2023-05-23 16:25:19+00:00 | seen | https://t.me/cibsecurity/64622...
CVE-2023-25481
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
CVE-2023-25481 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
CVE-2023-25481
CVE-2023-25481 affects the Podlove Podlove Subscribe Button plugin for WordPress, with CSRF vulnerabilities in versions
WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Field | Value
---|---
Software | Podlove Subscribe button
Type | Plugin
Vulnerable versions | <= 1.3.7
Fixed in | 1.3.9
OWASP Top 10 | A5: Broken Access Control
Classification | Cross Site Request Forgery (CSRF)
CVE | CVE-2023-25481
Patch priority | Low
CVSS severity | Low (5.4)
PSID | 87331aa50a18
Credits | yuyudhn...
CVE-2022-25481
ThinkPHP 5.0.24 is susceptible to information disclosure due to PATHINFO misconfiguration, allowing an attacker to access all system environment parameters from index.php. The connected template confirms an information-disclosure vulnerability; explicit exploit steps or buggy versions are not pro...
CVE-2021-25481
creationtimestamp | type | source
---|---|---
2021-10-06 22:32:38+00:00 | seen | https://t.me/cibsecurity/30102...
CVE-2021-25481
The CVE-2021-25481 entry concerns the Samsung Exynos CP booting driver. It reports improper error handling that allows local attackers to bypass the Secure Memory Protector of Exynos CP Memory prior to SMR Oct-2021 Release 1. Public references in the provided documents corroborate the ex...