22 matches found
CVE-2019-25489
creationtimestamp| type| source
---|---|---
2026-03-07 02:00:14+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mggq5wpi542h...
CVE-2019-25489
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hostingid parameter. Attackers can send GET requests to the rooms/ajaxrefreshsubtotal endpoint with malicious hostingid values to extract...
CVE-2026-25489
creationtimestamp| type| source
---|---|---
2026-02-02 20:59:08+00:00| published-proof-of-concept| https://github.com/craftcms/commerce/security/advisories/GHSA-v585-mf6r-rqrc...
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php...
CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...
CVE-2023-25489
creationtimestamp| type| source
---|---|---
2023-10-04 14:11:54+00:00| seen| https://t.me/cibsecurity/71556...
CVE-2023-25489
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions...
CVE-2023-25489
CVE-2023-25489 is a CSRF vulnerability in the WordPress plugin Update Theme and Plugins from Zip File (versions
WordPress Update Theme and Plugins from Zip File Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Update Theme and Plugins from Zip File
Type: Plugin
Vulnerable versions: <= 2.0.0
Fixed in: N/A
OWASP Top 10: A5: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2023-25489
Patch priority: Low
CVSS severity: Low (4.3)
PSID: e0461fa05dda
Credit...
CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link device...
CVE-2021-25489
creationtimestamp| type| source
---|---|---
2023-06-29 18:10:02+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2024-12-24 20:34:46+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971846
2025-02-14 21:08:32+00:00| seen| Telegram/n5CrZtNloi9lGLONfjAThMtpupYWH9TjR2BIidxI6D1rJVMm...
CVE-2022-25489
creationtimestamp| type| source
---|---|---
2022-03-15 21:19:42+00:00| seen| https://t.me/cibsecurity/38968...
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php...
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php...
CVE-2022-25489
CVE-2022-25489 : Atom CMS v2.0 contains a reflected XSS in the A parameter of /widgets/debug.php. Exploitation could inject scripts into pages viewed by users, with potential data theft, session hijacking, or defacement as described in connected sources. Remediation is available: Atom CMS v2.1 fi...
CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...
CVE-2021-25489
The CVE-2021-25489 issue affects Samsung Mobile Devices, caused by improper input validation in the modem interface driver, triggering a format-string error that can cause a kernel panic. Affected are Samsung Mobile Devices prior to SMR Oct-2021 Release 1. The root cause is missing input validati...
CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. Recent assessments: Assessed Attacker Value: 0...
CVE-2020-25489
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption...
CVE-2020-25489
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption...