23 matches found

RedhatCVE
added 2026/01/09 9:1 a.m., 7 views

CVE-2023-25914

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...

CVSS 8.8, AI score 6.3, EPSS 0.00223
Exploits 0, References 1

RedhatCVE
added 2025/03/19 12:28 a.m., 9 views

CVE-2025-25914

SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter...

CVSS 9.8, AI score 8.9, EPSS 0.01801
Exploits 1, References 1

Circl
added 2025/03/17 7:47 p.m., 4 views

CVE-2025-25914

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-17 19:47:49+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7837 |
| 2025-03-17 23:20:00+00:00 | seen | https://t.me/cvedetector/20523 |
| 2025-03-18 00:01:10+00:00 | seen | ... |

CVSS 9.8, AI score 4.8, EPSS 0.01801
Exploits 1, References 5

CVE
added 2025/03/17 12:0 a.m., 60 views

CVE-2025-25914

The CVE-2025-25914 entry concerns SQL injection in Online Exam Mastering System v1.0 via the fid parameter. Multiple connected sources (RH, NVD, CNNVD, CIRCL, CVE List) confirm the issue and describe it as allowing remote code execution with a 9.8 CVSS v3.1 score (CRITICAL, AV:N/AC:L/PR:N/UI:N/S:...

CVSS 9.8, AI score 8.7, EPSS 0.01801
Exploits 1, References 1, Affected Software 1

Circl
added 2024/02/13 6:22 a.m., 0 views

CVE-2024-25914

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-13 06:22:04+00:00 | seen | https://t.me/ctinow/183617... |

CVSS 8.8, AI score 6.2, EPSS 0.0007
Exploits 0, References 1

OSV
added 2024/02/13 5:15 a.m., 0 views

CVE-2024-25914

Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20...

CVSS 8.8, AI score 7.3
Exploits 0, References 1

CVE
added 2024/02/13 5:4 a.m., 61 views

CVE-2024-25914

CVE-2024-25914: WordPress SMTP Mail plugin is affected up to version 1.3.20 and is vulnerable to Cross-Site Request Forgery (CSRF). The issue enables an attacker to induce unauthorized actions on behalf of an authenticated user. The Wordfence vulnerability data confirms the patch path, with a fi...

CVSS 8.8, AI score 6.3, EPSS 0.0007
Exploits 0, References 1, Affected Software 1

Patchstack
added 2024/02/12 12:0 a.m., 12 views

WordPress SMTP Mail Plugin <= 1.3.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software: SMTP Mail
Type: Plugin
Vulnerable versions: = 1.3.20
Fixed in: 1.3.21
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Request Forgery (CSRF)
CVE: CVE-2024-25914
Patch priority: Low
CVSS severity: Low (4.3)
PSID: 8c89b8d2051d
Credits: Abdi Pranata
Required...

CVSS 8.8, AI score 6.6, EPSS 0.0007
Exploits 0, References 2, Affected Software 1

Circl
added 2023/08/22 12:41 a.m., 1 view

CVE-2023-25914

| creationtimestamp | type | source |
|---|---|---|
| 2023-08-22 00:41:13+00:00 | seen | https://t.me/cibsecurity/68914... |

CVSS 8.8, AI score 7.3, EPSS 0.00223
Exploits 0, References 1

Vulnrichment
added 2023/08/21 8:30 p.m., 12 views

CVE-2023-25914 Authenticated Path Traversal in Danfoss AK-SM800A

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...

CVSS 8.8, AI score 7.9, EPSS 0.00223
Exploits 0, References 2

CVE
added 2023/08/21 8:30 p.m., 68 views

CVE-2023-25914

CVE-2023-25914 describes a path-traversal flaw in the Danfoss AK-SM800A system manager. Authenticated attackers could read arbitrary server files via the product’s XML interface, potentially enabling full system compromise. Affected versions cited include 3.3 and earlier in multiple feeds; root c...

CVSS 8.8, AI score 7.9, EPSS 0.00223
Exploits 0, References 2, Affected Software 1

Cvelist
added 2023/08/21 8:30 p.m., 11 views

CVE-2023-25914 Authenticated Path Traversal in Danfoss AK-SM800A

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...

CVSS 8.8, AI score 9.5, EPSS 0.00223
Exploits 0, References 2

RedHat Linux
added 2023/01/26 12:14 p.m., 50 views

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes v1.0.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8, AI score 6.8, EPSS 0.03874
Exploits 4, References 8

RedhatCVE
added 2022/10/13 3:30 p.m., 22 views

CVE-2022-25914

A flaw was found in the jib-core package. This flaw allows an attacker to execute remote code into its target...

CVSS 9.8, AI score 4.6, EPSS 0.03874
Exploits 0, References 3

vulnersOsv
added 2022/09/09 12:0 a.m., 1 view

au.net.causal.maven.plugins:boxdb-maven-plugin (=3.2), co.elastic.docker-base:co.elastic.docker-base.gradle.plugin (>=0.0.1 <=0.0.5) +78 more potentially affected by CVE-2022-25914 via com.google.cloud.tools:jib-core (>=0.10.0 <=0.21.0)

com.google.cloud.tools:jib-core MAVEN version =0.10.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0, =0.4.0, =0.34.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.3.0, =4.4.2 and more Source cves: CVE-2022-25914 Source advisory: OSV:GHSA-936V-CG49-M2G5...

CVSS 9.8, AI score 7.2, EPSS 0.03874
Exploits 0

Circl
added 2022/09/08 12:14 p.m., 1 view

CVE-2022-25914

| creationtimestamp | type | source |
|---|---|---|
| 2022-09-08 12:14:57+00:00 | seen | https://t.me/cibsecurity/49438... |

CVSS 9.8, AI score 8.7, EPSS 0.03874
Exploits 0, References 1

NVD
added 2022/09/08 5:15 a.m., 14 views

CVE-2022-25914

The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input...

CVSS 9.8, EPSS 0.03874
Exploits 0, References 3

CVE
added 2022/09/08 5:5 a.m., 97 views

CVE-2022-25914

CVE-2022-25914 affects the jib-core library from Google Cloud Tools (versions before 0.22.0). The impact is Remote Code Execution via the isDockerInstalled function when handling input, as documented across multiple sources (GHSA, NVD, OSV). Affected component: com.google.cloud.tools:jib-core; ro...

CVSS 9.8, AI score 7.8, EPSS 0.03874
Exploits 0, References 3, Affected Software 1

vulnersOsv
added 2021/03/19 9:18 p.m., 2 views

a6s-railway (>=0.2.0 <=0.2.3), fbl (>=1.5.0 <=1.15.0) potentially affected by CVE-2021-25914 via object-collider (=1.0.3)

object-collider NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on object-collider and may be impacted: - a6s-railway =0.2.0, =1.5.0, =1.15.0 Source cves: CVE-2021-25914 Source advisory: OSV:GHSA-85G2-29M8-QF2P...

CVSS 9.8, AI score 7.2, EPSS 0.02947
Exploits 1

Circl
added 2021/03/01 8:43 p.m., 0 views

CVE-2021-25914

| creationtimestamp | type | source |
|---|---|---|
| 2021-03-01 20:43:19+00:00 | seen | https://t.me/cibsecurity/24304 |
| 2025-04-30 18:14:30+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14118... |

CVSS 9.8, AI score 8.7, EPSS 0.02947
Exploits 1, References 2