14 matches found
CVE-2026-25926 Notepad++ has an Untrusted Search Path
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...
CVE-2026-25926
creationtimestamp | type | source
---|---|---
2026-02-18 08:49:04+00:00 | seen | https://bsky.app/profile/infosecbriefly.bsky.social/post/3mf4p3cmum326
2026-02-20 07:15:05+00:00 | seen | https://www.acn.gov.it/portale/w/notepad-poc-pubblico-per-lo-sfruttamento-della-cve-2026-25926
2026-02-20...
CVE-2024-25926
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS. This issue affects Widgets Controller: from n/a through 1.1...
CVE-2024-25926 WordPress Widgets Controller plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS. This issue affects Widgets Controller: from n/a through 1.1...
WordPress Widgets Controller Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Widgets Controller; Type: Plugin; Vulnerable versions: = 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-25926; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 4c79441001d3; Credits: Dimas Maulana; Required privilege...
Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager (CVE-2023-25921, CVE-2023-25926, CVE-2023-25685, CVE-2023-25922, CVE-2023-25925)
Summary: There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2 and v4.1.1.7. Please upgrade to GKLM v4.2 or apply the latest fix packs 4.1.1 FP 7 for the fixes...
CVE-2022-25926
creationtimestamp | type | source
---|---|---
2023-01-04 20:18:16+00:00 | seen | https://t.me/cibsecurity/55906...
CVE-2022-25926
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization...
CVE-2022-25926
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization...
CVE-2022-25926
The CVE-2022-25926 entry concerns the npm package window-control. The vulnerability affects versions prior to 1.4.5, where the function sendKeys does not properly sanitize input, leading to command injection. The issue is described across multiple sources (e.g., Red Hat, Snyk, GHSA advisories)...
CVE-2020-25926
creationtimestamp | type | source
---|---|---
2021-08-18 22:17:06+00:00 | seen | https://t.me/cibsecurity/27562...
CVE-2020-25926
Summary of CVE-2020-25926 (INFRA:HALT) in HCC Embedded/NicheStack: The DNS client in InterNiche NicheStack TCP/IP (pre-4.3) suffers from insufficient entropy in DNS transaction IDs, enabling remote DNS cache poisoning via specially crafted responses. The related ICS/National advisories enumerate ...
CVE-2021-25926
SiCKRAGE is affected by a Reflected XSS vulnerability (CVE-2021-25926) in versions 9.3.54.dev1 through 10.0.11.dev1, caused by improper validation of user input in the quicksearch feature. The underlying issue allows an attacker to steal a user’s sessionID and masquerade as the victim user, enabl...
CVE-2021-25926
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site Scripting (XSS) due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...