65 matches found

Circl
added 2026/03/03 1:40 a.m., 4 views

CVE-2026-3025

creationtimestamp | type | source
---|---|---
2026-03-03 01:40:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mg4n6d4eed2w...

CVSS 9.8, AI score 7.1, EPSS 0.00378
Exploits: 0, References: 1

EUVD
added 2026/01/16 12:30 a.m., 3 views

EUVD-2026-3025

EUVD-2026-3025...

CVSS 8.5, AI score 6.4, EPSS 0.00209
Exploits: 1, References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m., 6 views

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.181-2.6.14.5.0.1.el7.AXS7 (AXSA:2018-3025:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3025:02 advisory. OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) OpenJDK: unrestricted deserialization of...

CVSS 8.3, AI score 6.4, EPSS 0.13927
Exploits: 0, References: 11

RedhatCVE
added 2026/01/07 9:21 a.m., 7 views

CVE-2006-3025

Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

CVSS 6.8, AI score 5.8, EPSS 0.01143
Exploits: 0, References: 1

Circl
added 2025/09/15 2:5 p.m., 2 views

CVE-2025-3025

creationtimestamp | type | source
---|---|---
2025-09-15 14:05:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyuxzn6ko72o
2025-09-23 03:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-905/...

CVSS 7.3, AI score 7.3, EPSS 0.00132
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 10:48 p.m., 4 views

CVE-2022-3025

The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scriptin...

CVSS 5.4, AI score 6, EPSS 0.00244
Exploits: 2, References: 1

BDU FSTEC
added 2025/05/09 12:0 a.m., 51 views

The vulnerability of the web interface of Xerox WorkCentre 3025 microprogramming software allows a perpetrator to gain unauthorized access to account data.

The vulnerability of the web interface of Xerox WorkCentre 3025 microprogramming software is related to the improper processing of special symbols in input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to account information by sending a specially crafted...

CVSS 10, AI score 5.5
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/02/05 9:58 a.m., 8 views

CVE-2024-3025

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

CVSS 9.9, AI score 6.6, EPSS 0.01
Exploits: 1, References: 1

Circl
added 2024/04/12 7:47 a.m., 3 views

CVE-2024-3025

creationtimestamp | type | source
---|---|---
2024-04-12 07:47:08+00:00 | seen | https://t.me/arpsyndicate/4556...

CVSS 9.9, AI score 8.7, EPSS 0.01
Exploits: 1, References: 1

NVD
added 2024/04/10 5:15 p.m., 11 views

CVE-2024-3025

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...

CVSS 9.9, AI score 9.4, EPSS 0.01
Exploits: 1, References: 2

CVE
added 2024/04/10 5:7 p.m., 112 views

CVE-2024-3025

The CVE-2024-3025 entry affects mintplex-labs/anything-llm, where the logo filename handling allows path traversal due to insufficient input validation. Attackers can reference files outside the restricted directory via the logo upload endpoint, exposing the application’s database and potentially...

CVSS 9.9, AI score 9.2, EPSS 0.01
Exploits: 1, References: 2, Affected Software: 1

Patchstack
added 2023/09/18 12:0 a.m., 7 views

WordPress Dropbox Folder Share Plugin <= 1.9.7 is vulnerable to Server Side Request Forgery (SSRF)

Software: Dropbox Folder Share; Type: Plugin; Vulnerable versions: = 1.9.7; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-3025; Patch priority: Medium; CVSS severity: Medium (7.2); Developer: Claim ownership; PSID: d1ee4d4ea4d2; Credits: Alex...

CVSS 7.2, AI score 6.9, EPSS 0.0038
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2023/09/16 8:31 a.m., 33 views

CVE-2023-3025

The CVE-2023-3025 entry concerns the Dropbox Folder Share plugin for WordPress. Affected versions are

CVSS 7.2, AI score 7.1, EPSS 0.0038
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2022/09/26 12:35 p.m., 3 views

CVE-2022-3025 Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scriptin...

AI score 5.3, EPSS 0.00244
Exploits: 2, References: 1

Cvelist
added 2022/09/26 12:35 p.m., 23 views

CVE-2022-3025 Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF

The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scriptin...

AI score 5.5, EPSS 0.00244
Exploits: 2, References: 1

NVD
added 2021/01/08 7:15 a.m., 13 views

CVE-2021-3025

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex method in applications/downloads/api/files.php)...

CVSS 8.8, AI score 9.1, EPSS 0.01407
Exploits: 2, References: 2

CVE
added 2021/01/08 6:21 a.m., 99 views

CVE-2021-3025

Summary: CVE-2021-3025 affects Invision Community IPS Community Suite up to version 4.5.4.2. The vulnerability is an SQL Injection in the Downloads REST API, triggered by the sortDir parameter via sortBy=popular in the GETindex() method of /applications/downloads/api/files.php. The issue could al...

CVSS 8.8, AI score 9, EPSS 0.01407
Exploits: 2, References: 2, Affected Software: 1

Packet Storm
added 2021/01/06 12:0 a.m., 867 views

IPS Community Suite 4.5.4 SQL Injection

----------------------------------------------------------------------------- IPS Community Suite sortBy == 'popular' 56. 57. \IPS\Request::i-sortDir = \IPS\Request::i-sortDir ?: 'ASC'; 58. $sortBy = 'filerating ' . \IPS\Request::i-sortDir . ', filereviews'; 59. $where = array array 'filerating?'...

AI score 0.1, EPSS 0.01407
Exploits: 2

0day.today
added 2020/05/19 12:0 a.m., 63 views

Oracle Hospitality RES 3700 5.7 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: Oracle Hospitality RES 3700 5.7 - Remote Code Execution Exploit Author: Walid Faour Vendor Homepage: https://www.oracle.com/industries/food-beverage/products/res-3700/ Software Link: N/A Available to customers Version: \ ...

CVSS 6.8, AI score 9, EPSS 0.14457
Exploits: 4

Packet Storm
added 2020/05/18 12:0 a.m., 191 views

Oracle Hospitality RES 3700 5.7 Remote Code Execution

Exploit Title: Oracle Hospitality RES 3700 5.7 - Remote Code Execution Date: 2019-10-01 Exploit Author: Walid Faour Vendor Homepage: https://www.oracle.com/industries/food-beverage/products/res-3700/ Software Link: N/A Available to customers Version: \ \ MDSSYSUTILS \ TransferFile \ Session \ \ '...

CVSS 6.8, AI score 0.1, EPSS 0.14457
Exploits: 4