
59 matches found

OSV
added 2026/04/23 8:31 p.m. | 3 views

CLSA-2025-1758645818 openldap: Fix of 14 CVEs

Rebase to 2.4.58 to fix the following vulnerabilities:
- CVE-2020-12243: fix denial of service caused by LDAP search filters with nested boolean expressions
- CVE-2020-36221: fix integer underflow in the Certificate Exact Assertion processing
- CVE-2020-36223: fix slapd crash in the Values Return...

CVSS 7.5 | AI score 7.1 | EPSS 0.84224
Exploits: 1 | References: 1

Cvelist
added 2026/04/12 12:28 p.m. | 20 views

CVE-2019-25709 CF Image Hosting Script 1.6.5 Unauthorized Database Access

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

CVSS 9.8 | EPSS 0.00607
Exploits: 1 | References: 4

Circl
added 2026/04/12 4:16 a.m. | 1 views

CVE-2019-25709

creationtimestamp | type | source
---|---|---
2026-04-12 04:16:33+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2019-25709
2026-04-12 14:35:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjcl676fhl2a
2026-04-23 21:07:07+00:00 | seen | ...

CVSS 9.8 | AI score 5.7 | EPSS 0.00607
Exploits: 1 | References: 3

RedhatCVE
added 2025/03/14 2:43 a.m. | 6 views

CVE-2025-25709

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...

CVSS 7.5 | AI score 7.1 | EPSS 0.00519
Exploits: 0 | References: 1

Circl
added 2025/03/12 4:41 p.m. | 2 views

CVE-2025-25709

creationtimestamp | type | source
---|---|---
2025-03-12 16:41:00+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7325...

CVSS 7.5 | AI score 4.8 | EPSS 0.00519
Exploits: 0 | References: 1

NVD
added 2025/03/12 2:15 p.m. | 5 views

CVE-2025-25709

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...

CVSS 7.5 | EPSS 0.00519
Exploits: 0 | References: 1

CVE
added 2025/03/12 12:0 a.m. | 45 views

CVE-2025-25709

Technical details beyond the reported description are not publicly available in the provided connected documents. Monitor for updates from the vendor and CVE databases for affected product/version, impact, and fixes.

CVSS 7.5 | AI score 7.7 | EPSS 0.00519
Exploits: 0 | References: 1

Cvelist
added 2025/03/12 12:0 a.m. | 9 views

CVE-2025-25709

An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints...

CVSS 7.5 | EPSS 0.00519
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 2:7 a.m. | 7 views

CVE-2022-25709

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg...

CVSS 8.4 | AI score 7 | EPSS 0.00123
Exploits: 0 | References: 1

Circl
added 2025/02/01 5:28 p.m. | 2 views

CVE-2024-25709

creationtimestamp | type | source
---|---|---
2025-02-01 17:28:08+00:00 | seen | Telegram/sJyJmWOpeiiXws9o5B8E323wi-NFpLtkh5Ziv-RKIhpK3Jf...

CVSS 6.1 | AI score 4.8 | EPSS 0.00453
Exploits: 0

Rosalinux
added 2024/07/01 2:4 p.m. | 51 views

Advisory ROSA-SA-2024-2439

Software: openldap 2.4.46
OS: ROSA Virtualization 2.1
packageevrstring: openldap-2.4.46
CVE-ID: CVE-2020-25709
BDU-ID: 2022-00231
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert function...

CVSS 9.8 | AI score 7.5 | EPSS 0.69899
Exploits: 1

Vulnrichment
added 2024/04/04 5:55 p.m. | 12 views

CVE-2024-25709 Self-XSS style in move item dialog

There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScrip...

CVSS 6.1 | AI score 5.9 | EPSS 0.00453
Exploits: 0 | References: 1

Cvelist
added 2024/04/04 5:55 p.m. | 15 views

CVE-2024-25709 Self-XSS style in move item dialog

There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScrip...

CVSS 6.1 | EPSS 0.00453
Exploits: 0 | References: 1

Tenable Nessus
added 2023/04/11 12:0 a.m. | 30 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : openldap Multiple Vulnerabilities (NS-SA-2023-0016)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openldap packages installed that are affected by multiple vulnerabilities: - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger ...

CVSS 7.5 | AI score 7.3 | EPSS 0.02858
Exploits: 0 | References: 5

NVD
added 2023/03/15 11:15 a.m. | 7 views

CVE-2023-25709

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions...

CVSS 8.8 | AI score 6.5 | EPSS 0.00248
Exploits: 0 | References: 1

Vulnrichment
added 2023/03/15 10:25 a.m. | 8 views

CVE-2023-25709 WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions...

CVSS 5.4 | AI score 7 | EPSS 0.00248
Exploits: 0 | References: 1

Cvelist
added 2023/03/15 10:25 a.m. | 21 views

CVE-2023-25709 WordPress Locatoraid Store Locator Plugin <= 3.9.11 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions...

CVSS 5.4 | AI score 9 | EPSS 0.00248
Exploits: 0 | References: 1

CVE
added 2023/03/15 10:25 a.m. | 41 views

CVE-2023-25709

CVE-2023-25709 is a CSRF vulnerability in the WordPress plugin Locatoraid Store Locator (Plainware) <= 3.9.11. The entry shows a high impact according to NVD CVSS: CVSS:3.1 base score 8.8 (HIGH) with network attack vector, user interaction required. Patch information from Patchstack indicates ...

CVSS 8.8 | AI score 7.1 | EPSS 0.00248
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/03/07 4:43 a.m. | 83 views

CVE-2022-25709

CVE-2022-25709 describes a memory corruption in the data modem caused by using an out-of-range pointer offset while processing a QMI message. The vulnerability is tracked across multiple sources (NVD, Red Hat, CVE listings) and is categorized as High severity with local attack vector and local pr...

CVSS 8.4 | AI score 8 | EPSS 0.00123
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/03/07 4:43 a.m. | 12 views

CVE-2022-25709 Use of Out-of-range Pointer Offset in Data Modem

Memory corruption in modem due to use of out of range pointer offset while processing qmi msg...

CVSS 8.4 | AI score 7.3 | EPSS 0.00123
Exploits: 0 | References: 1