PJPROJECT 2.16 - Heap Bufferoverflow

Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow Google Dork: CVE-2026-25994 PJSIP PJNATH pjsip ≤ 2.16 Date: Apr 6 2026 Exploit Author: V.Nos - BinSmaser Team Vendor Homepage: https://github.com/pjsip/pjproject Software Link: https://github.com/VABISMO/cve-2026-25994PJSIP Version: rxufrag; -...

📄 PJPROJECT 2.16 Buffer Overflow

PJPROJECT versions 2.16 and below suffer from a heap buffer overflow vulnerability. Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow Google Dork: CVE-2026-25994 PJSIP PJNATH pjsip ≤ 2.16 Date: Apr 6 2026 Exploit Author: V.Nos - BinSmaser Team Vendor Homepage: https://github.com/pjsip/pjproject...

CVE-2026-25994

creationtimestamp| type| source ---|---|--- 2026-04-07 01:00:05+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/79168 2026-04-07 09:00:04+00:00| published-proof-of-concept| Telegram/O4LcqucU1LaZaaWyFLISymaCFCoMKyIZUhNwooAElOjim-8 2026-05-06 14:30:36+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2026-25994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session...

UBUNTU-CVE-2026-25994

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames...

CVE-2026-25994 PJSIP has a heap buffer overflow in ICE with long username

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames...

CVE-2024-25994

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only...

CVE-2025-25994

FeMiner wms wms 1.0 is affected by an SQL injection vulnerability exposed in the parameters date1, date2, and id. The CVE entry indicates a remote attacker could obtain sensitive information through these inputs. Connected sources corroborate FeMiner wms as the vulnerable component and describe l...

CVE-2025-25994

SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id...

CVE-2024-25994

creationtimestamp| type| source ---|---|--- 2024-03-12 10:26:36+00:00| seen| https://t.me/ctinow/205475 2025-01-24 07:04:06+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2876...

CVE-2024-25994 PHOENIX CONTACT: Unintended script file upload in CHARX Series

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only...

CVE-2024-25994

CVE-2024-25994 affects Phoenix Contact CHARX SEC devices (CHARX SEC-3100, and related SEC series). The CharxUpdateAgent service listens on TCP port 9999 and fails to validate user-supplied data, enabling an unauthenticated attacker to upload arbitrary script files to a fixed write-only location. ...

CVE-2023-25994

Cross-Site Request Forgery CSRF vulnerability in Alex Benfica Publish to Schedule plugin = 4.4.2 versions...

CVE-2023-25994 WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Alex Benfica Publish to Schedule plugin = 4.4.2 versions...

CVE-2023-25994

CVE-2023-25994 is a CSRF vulnerability in the WordPress Publish to Schedule plugin (versions

WordPress Publish to Schedule Plugin <= 4.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Publish to Schedule Type Plugin Vulnerable versions = 4.4.2 Fixed in 4.5.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25994 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 196402e1491d Credits Rio Darmawan...

CVE-2021-25994 Userfrosting - Host-Header Injection Leads to Account Takeover

In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...

CVE-2021-25994

CVE-2021-25994 concerns Userfrosting versions v0.3.1–v4.6.2 vulnerable to Host Header Injection. The underlying issue allows an unauthenticated attacker to abuse the forgot-password flow by injecting host header data to reset a user’s password, enabling account takeover. Connected documents corro...