19 matches found
CVE-2026-25921
creationtimestamp | type | source
---|---|---
2026-03-05 15:53:10+00:00 | published-proof-of-concept | https://github.com/gogs/gogs/security/advisories/GHSA-cj4v-437j-jq4c
2026-03-05 19:20:54+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgdjewwz232f
2026-03-06 15:00:14+00:00|...
CVE-2023-25921
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620...
CVE-2024-25921
creationtimestamp | type | source
---|---|---
2024-03-15 14:22:07+00:00 | seen | https://t.me/ctinow/208779
2024-03-15 14:26:29+00:00 | seen | https://t.me/ctinow/208790

...
CVE-2024-25921
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Concerted Action Action Network allows Reflected XSS. This issue affects Action Network: from n/a through 1.4.2...
CVE-2024-25921 WordPress Action Network plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Concerted Action Action Network allows Reflected XSS. This issue affects Action Network: from n/a through 1.4.2...
CVE-2024-25921 WordPress Action Network plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Concerted Action Action Network allows Reflected XSS. This issue affects Action Network: from n/a through 1.4.2...
CVE-2024-25921
CVE-2024-25921 affects the WordPress Action Network plugin (versions up to and including 1.4.2). The vulnerability is a Reflected XSS due to improper input handling in the plugin’s search path, potentially allowing unauthenticated attackers to inject scripts in pages evaluated by users. Mitigatio...
CVE-2023-25921
CVE-2023-25921 affects IBM Security Guardium Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, allowing an attacker to upload or transfer dangerous file types that can be automatically processed within the product environment. The Red Hat / IBM bulletin confirms remediation in GKLM ...
WordPress Action Network Plugin <= 1.4.2 is vulnerable to Cross Site Scripting (XSS)
- Software: Action Network
- Type: Plugin
- Vulnerable versions: <= 1.4.2
- Fixed in: 1.4.3
- OWASP Top 10: A3: Injection
- Classification: Cross Site Scripting (XSS)
- CVE: CVE-2024-25921
- Patch priority: Medium
- CVSS severity: Medium (7.1)
- PSID: 24b8e111dbfb
- Credits: Mika
- Required privilege...
Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager (CVE-2023-25921, CVE-2023-25926, CVE-2023-25685, CVE-2023-25922, CVE-2023-25925)
Summary: There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2 and v4.1.1.7. Please upgrade to GKLM v4.2 or apply the latest fix packs 4.1.1 FP 7 for the fixes...
@amirmarmul/waba-common (>=2.2.51 <=2.9.8), @aptana/multichannel-common (>=2.9.12 <=2.9.19) +14 more potentially affected by CVE-2022-25921 via morgan-json (=1.1.0)
morgan-json NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on morgan-json and may be impacted: - @amirmarmul/waba-common =2.2.51, =2.9.12, =1.0.0, =1.1.3, =1.0.0, =1.0.3, =0.11.0, =2.0.0, =0.0.5, =1.0.0, =0.1.0, =1.1.0, =0.0.1, =2.1.5...
CVE-2022-25921
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
CVE-2022-25921 Arbitrary Code Execution
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
CVE-2022-25921
CVE-2022-25921 affects the JavaScript package morgan-json. The vulnerability stems from missing sanitization of input passed to the Function constructor, enabling Arbitrary Code Execution. Multiple sources (Snyk, Veracode, GitHub advisories, OSV, CVE list) concur that all versions of morgan-jso...
CVE-2022-25921
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
@amirmarmul/waba-common (>=2.2.51 <=2.9.8), @aptana/multichannel-common (>=2.9.12 <=2.9.19) +14 more potentially affected by CVE-2022-25921 via morgan-json (=1.1.0)
morgan-json NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on morgan-json and may be impacted: - @amirmarmul/waba-common =2.2.51, =2.9.12, =1.0.0, =1.1.3, =1.0.0, =1.0.3, =0.11.0, =2.0.0, =0.0.5, =1.0.0, =0.1.0, =1.1.0, =0.0.1, =2.1.5...
CVE-2021-25921
creationtimestamp | type | source
---|---|---
2021-03-22 23:37:33+00:00 | seen | https://t.me/cibsecurity/25259

...
CVE-2021-25921
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly in the Allergies section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit...
CVE-2021-25921
OpenEMR versions 2.7.3-rc1 to 6.0.0 are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Allergies section caused by insufficient validation of user input. An attacker could lure an administrator into submitting a malicious payload, enabling the exploit. The CVE entry cites CV...