PT-2026-37355

Name of the Vulnerable Software and Affected Versions Rancher versions prior to 2.11.13 Rancher versions prior to 2.12.9 Rancher versions prior to 2.13.5 Rancher versions prior to 2.14.1 Description A path traversal issue exists in the UI plugin mechanism. Malicious code can be injected through t...

SUSE CVE-2026-25705

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

CVE-2019-25705

creationtimestamp| type| source ---|---|--- 2026-04-12 04:16:33+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2019-25705 2026-04-12 14:20:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjckcqao5n23 2026-06-07 03:07:07+00:00| seen|...

EUVD-2023-25705

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-25705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively...

CVE-2022-25705

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response...

CVE-2024-25705

There is a cross‑site scripting XSS vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary...

CVE-2024-25705 Cross site scripting issue in embed widget

There is a cross‑site scripting XSS vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary...

CVE-2024-25705 Cross site scripting issue in embed widget

There is a cross‑site scripting XSS vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary...

CVE-2023-25705

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Go Prayer WP Prayer plugin = 1.9.6 versions...

CVE-2023-25705 WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Go Prayer WP Prayer plugin = 1.9.6 versions...

CVE-2023-25705

CVE-2023-25705 describes an authenticated (admin+) stored cross-site scripting vulnerability in the WordPress plugin WP Prayer (Go Prayer, WP Prayer)

CVE-2023-25705 WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Go Prayer WP Prayer plugin = 1.9.6 versions...

CVE-2022-25705

creationtimestamp| type| source ---|---|--- 2023-03-11 00:21:37+00:00| seen| https://t.me/cibsecurity/59842...

CVE-2022-25705 Integer Overflow to Buffer Overflow in Modem

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response...

CVE-2022-25705

CVE-2022-25705 causes memory corruption in a Qualcomm modem due to an integer overflow that can overflow a buffer when handling APDU responses. The entry is listed under Qualcomm closed-source components; the exact affected product/version is not detailed in the provided documents. The CVSSv3.1 b...

SUSE CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Bas...

WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS)

Software WP Prayer Type Plugin Vulnerable versions = 1.9.6 Fixed in 1.9.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-25705 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c3efe5530c7b Credits Rio Darmawan Required privile...

Security Bulletin: IBM MQ Appliance is affected by a Kernel vulnerability (CVE-2020-25705)

Summary IBM MQ Appliance has resolved a Kernel vulnerability. Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an...

Security Bulletin: UDP source port randomization flaw in IBM DataPower Gateway (CVE-2020-25705)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2020-25705 DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an attacker could exploit this...