21 matches found

NVD
added 2026/06/19 6:16 p.m. | 19 views

CVE-2019-25757

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

CVSS 7.1 | EPSS 0.00221
Exploits 0 | References 4

RedhatCVE
added 2026/01/09 9:2 a.m. | 19 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.2 | EPSS 0.00377
Exploits 0 | References 1

Tenable Nessus
added 2025/11/12 12:0 a.m. | 8 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-25757)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-25757 advisory. - i40e: add validation for ringlen param Lukasz Czapnik Orabug: 38607608 CVE-2025-39973 - crypto: afalg - Disallow concurrent writes in afalgsendm...

CVSS 7.8 | AI score 8.2 | EPSS 0.0037
Exploits 2 | References 121

RedhatCVE
added 2025/05/22 7:26 p.m. | 8 views

CVE-2021-25757

In JetBrains Hub before 2020.1.12629, an open redirect was possible...

CVSS 6.1 | AI score 6.9 | EPSS 0.00641
Exploits 0 | References 1

NVD
added 2023/08/11 3:15 a.m. | 19 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.4 | EPSS 0.00377
Exploits 0 | References 1

Vulnrichment
added 2023/08/11 2:37 a.m. | 12 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.2 | EPSS 0.00377
Exploits 0 | References 1

CVE
added 2023/08/11 2:37 a.m. | 43 views

CVE-2023-25757

Intel Unison software vulnerable to improper access control until version 10.12, enabling privilege escalation via network access by a privileged attacker. Affected product: Intel(R) Unison(TM) software prior to 10.12. Root cause: access-control weakness that could allow escalation of privilege w...

CVSS 7.3 | AI score 7.1 | EPSS 0.00377
Exploits 0 | References 1 | Affected Software 1

AlpineLinux
added 2023/08/11 2:37 a.m. | 20 views

CVE-2023-25757

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 7.3 | AI score 7.3 | EPSS 0.00377
Exploits 0 | References 1

Intel
added 2023/08/08 12:0 a.m. | 22 views

Intel® Unison™ Software Advisory

Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25757 Description: Improper access contr...

CVSS 7.3 | AI score 6.5 | EPSS 0.00377
Exploits 0

ATTACKERKB
added 2022/03/28 7:15 a.m. | 3 views

CVE-2022-25757

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVSS 9.8 | AI score 5.9 | EPSS 0.02384
Exploits 0 | References 3

NVD
added 2022/03/28 7:15 a.m. | 26 views

CVE-2022-25757

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVSS 9.8 | EPSS 0.02384
Exploits 0 | References 2

CVE
added 2022/03/28 7:0 a.m. | 124 views

CVE-2022-25757

CVE-2022-25757 (Apache APISIX) affects APISIX up to version 2.12.x before 2.13.0. When decoding JSON with duplicate keys, lua-cjson returns the last value, allowing an attacker to bypass the body_schema validation in the request-validation plugin (e.g., {"string_payload":"bad","string_payload":"g...

CVSS 9.8 | AI score 9.5 | EPSS 0.02384
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/03/28 7:0 a.m. | 28 views

CVE-2022-25757 Apache APISIX: the body_schema check in request-validation plugin can be bypassed

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

AI score 9.6 | EPSS 0.02384
Exploits 0 | References 2

Circl
added 2021/02/03 6:49 p.m. | 6 views

CVE-2021-25757

creationtimestamp | type | source
--- | --- | ---
2021-02-03 18:49:24+00:00 | seen | https://t.me/cibsecurity/23019...

CVSS 6.1 | AI score 6.1 | EPSS 0.00641
Exploits 0 | References 1

NVD
added 2021/02/03 4:15 p.m. | 23 views

CVE-2021-25757

In JetBrains Hub before 2020.1.12629, an open redirect was possible...

CVSS 6.1 | EPSS 0.00641
Exploits 0 | References 2

CVE
added 2021/02/03 3:17 p.m. | 52 views

CVE-2021-25757

CVE-2021-25757: Concrete details across multiple sources show an open redirect vulnerability in JetBrains Hub prior to version 2020.1.12629. The affected component is JetBrains Hub (authentication/redirect flow). The root cause is an open redirect that could be abused to redirect users to an arb...

CVSS 6.1 | AI score 6.3 | EPSS 0.00641
Exploits 0 | References 2 | Affected Software 1

Jetbrains
added 2021/02/03 12:0 a.m. | 112 views

JetBrains Security Bulletin Q4 2020

JetBrains News Security JetBrains Security Bulletin Q4 2020 Robert Demmer In the fourth quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description |...

CVSS 7.5 | AI score 6.8 | EPSS 0.01533
Exploits 1 | Affected Software 9

CVE
added 2020/12/15 7:27 p.m. | 73 views

CVE-2020-25757

CVE-2020-25757 affects D-Link DSR-series VPN routers (DSR-150, DSR-250, DSR-500, DSR-1000AC) running firmware 3.14 and 3.17. The root cause is inadequate input validation and access controls in Lua CGI handlers, allowing user-supplied data to reach system command APIs (os.popen) and enabling arbi...

CVSS 8.8 | AI score 8.8 | EPSS 0.02044
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2020/12/15 7:27 p.m. | 30 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

AI score 8.9 | EPSS 0.02044
Exploits 0 | References 3

Circl
added 2020/12/10 1:7 p.m. | 7 views

CVE-2020-25757

creationtimestamp | type | source
--- | --- | ---
2020-12-10 13:07:21+00:00 | seen | https://t.me/truesecator/1241
2020-12-10 15:21:30+00:00 | seen | https://t.me/coridoryvlasti/139
2020-12-15 22:40:54+00:00 | seen | https://t.me/cibsecurity/20875...

CVSS 8.8 | AI score 7.3 | EPSS 0.02044
Exploits 0 | References 3