CVE-2026-25901

Lack of output escaping leads to a XSS vector in the multilingual associations component...

CVE-2026-25901

CVE-2026-25901 affects Joomla! Core — specifically the multilingual associations component. The root cause is a lack of output escaping in com_associations, which creates a reflected/XSS vector when user-supplied content is rendered. Documented impact indicates potential for script execution that...

CVE-2026-25901

Lack of output escaping leads to a XSS vector in the multilingual associations component...

CVE-2021-25901

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race...

CVE-2025-25901

creationtimestamp| type| source ---|---|--- 2025-02-13 15:23:52+00:00| seen| https://infosec.exchange/users/cve/statuses/113997265784169151 2025-02-13 16:17:33+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li33mncyhg2a 2025-02-13 17:12:29+00:00|...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js cookiejar module ( CVE-2022-25901 )

Summary Node.js cookiejar module is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25901. Vulnerability Details CVEID:CVE-2022-25901 DESCRIPTION: Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function....

[SECURITY] [DLA 3561-1] node-cookiejar security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3561-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 11, 2023 https://wiki.debian.org/LTS -...

Debian: Security Advisory (DLA-3561-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-25901

Adobe Dimension versions 3.4.7 and earlier is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2023-25901

Adobe Dimension 3.4.7 and earlier is affected by an Improper Input Validation vulnerability (CVE-2023-25901) that could allow arbitrary code execution in the context of the current user, requiring user interaction to open a malicious file. Connected sources add that this and related issues are ad...

Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)

The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.2 Vulnerability Details CVEID:CVE-2022-25901 DESCRIPTION: Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function. A remote attack...

CVE-2022-25901

creationtimestamp| type| source ---|---|--- 2023-01-18 06:31:03+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-h452-7996-h45h...

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

CVE-2022-25901

CVE-2022-25901 affects the Node.js package cookiejar. The vulnerability is a denial of service (ReDoS) in Cookie.parse caused by an insecure regular expression, exploitable remotely to exhaust CPU. Public details confirm vulnerable versions include cookiejar before 2.1.4; affected products includ...

CVE-2022-25901

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS via the Cookie.parse function, which uses an insecure regular expression...

addr2line (=0.6.0), backtrace (>=0.3.6 <=0.3.9) +11 more potentially affected by CVE-2021-25901 via lazy-init (>=0.1.1 <=0.3.0)

lazy-init CARGO version =0.1.1, =0.3.6, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.3.0 Source cves: CVE-2021-25901 Source advisory: OSV:GHSA-W47J-HQPF-QW9W...

addr2line (=0.6.0), backtrace (>=0.3.6 <=0.3.9) +11 more potentially affected by CVE-2021-25901 via lazy-init (>=0.1.1 <=0.3.0)

lazy-init CARGO version =0.1.1, =0.3.6, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.3.0 Source cves: CVE-2021-25901 Source advisory: OSV:RUSTSEC-2021-0004...

Spiceworks 7.5 - HTTP Header Injection

Exploit Title: Spiceworks 7.5 - HTTP Header Injection Google Dork: inurl:/prousers/login Discovered Date: 15/09/2020 Exploit Author: Ramikan Vendor Homepage: https://www.spiceworks.com Affected Version: 7.5.7.0 may be others. Tested On Version: 7.5.7.0 CVE : CVE-2020-25901 Vulnerability: Host...

CVE-2020-25901

creationtimestamp| type| source ---|---|--- 2020-12-18 18:43:57+00:00| seen| https://t.me/cibsecurity/21076...