16 matches found
CVE-2026-25922

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-13 07:16:06+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mepxki7ihw2g... |

CVE-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...
CVE-2025-30031
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateUsers' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2024-25922

| creationtimestamp | type | source |
|---|---|---|
| 2024-04-13 04:11:12+00:00 | seen | https://t.me/arpsyndicate/4619... |

CVE-2024-25922
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9...
CVE-2023-25922

| creationtimestamp | type | source |
|---|---|---|
| 2024-02-28 23:26:53+00:00 | seen | https://t.me/ctinow/195963 |
| 2024-02-28 23:27:09+00:00 | seen | https://t.me/ctinow/195978... |

CVE-2023-25922
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621...
CVE-2023-25922
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247621...
CVE-2023-25922
Summary of CVE-2023-25922 (IBM Security Guardium Key Lifecycle Manager): This vulnerability affects GKLM versions 3.0, 3.0.1, 4.0, 4.1, and 4.1.1, where an attacker can upload or transfer files of dangerous types that can be automatically processed within the product’s environment. The IBM bullet...
WordPress Peach Payments Gateway Plugin <= 3.1.9 is vulnerable to Broken Access Control
Software: Peach Payments Gateway; Type: Plugin; Vulnerable versions: <= 3.1.9; Fixed in: 3.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-25922; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 4ed5c43af060; Credits: Abdi Pranata; Required...
Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager (CVE-2023-25921, CVE-2023-25926, CVE-2023-25685, CVE-2023-25922, CVE-2023-25925)
Summary: There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2 and v4.1.1.7. Please upgrade to GKLM v4.2 or apply the latest fix packs 4.1.1 FP 7 for the fixes...
CVE-2022-25922 ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions...
CVE-2022-25922 ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions...
CVE-2022-25922
CVE-2022-25922 affects the Power Line Communications PLC4TRUCKS J2497 trailer brake controllers, where diagnostic functions can be invoked by replaying J2497 messages due to missing authentication/authorization for critical functions. This allows a remote attacker on the network/vehicle bus to tr...
CVE-2021-25922

| creationtimestamp | type | source |
|---|---|---|
| 2021-03-22 23:37:37+00:00 | seen | https://t.me/cibsecurity/25261... |

CVE-2021-25922
CVE-2021-25922 affects OpenEMR versions 4.2.0 through 6.0.0 with a Reflected Cross-Site Scripting (XSS) vulnerability caused by inadequate validation of user input. An attacker could entice a user to click a crafted URL and thereby execute arbitrary code in the user’s browser. The provided docume...