17 matches found
MAL-2025-35725 Malicious code in test-mlw2-lupin-foggy (npm)
The package test-mlw2-lupin-foggy was found to contain malicious code...
CVE-2020-35725
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-35725
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6...
CVE-2024-35725
CVE-2024-35725: Missing Authorization vulnerability in LA-Studio Element Kit for Elementor affecting LA-Studio Element Kit for Elementor versions up to 1.3.6. Connected sources confirm a broken access control issue with high impact (per NVD CVSS: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The document...
CVE-2024-35725 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6...
WordPress LA-Studio Element Kit for Elementor Plugin <= 1.3.6 is vulnerable to Broken Access Control
Software: LA-Studio Element Kit for Elementor; Type: Plugin; Vulnerable versions: = 1.3.6; Fixed in: 1.3.7.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35725; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: a7f224f9edc9; Credits...
CVE-2023-35725 D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35725
CVE-2023-35725 affects D-Link DAP-2622 devices via a stack-based buffer overflow in the DDP service. The vulnerability arises from improper validation of user-supplied data length before copying to a fixed-length stack buffer, enabling network-adjacent attackers to execute code with root privileg...
CVE-2022-35725
creationtimestamp | type | source
---|---|---
2022-09-12 15:31:59+00:00 | seen | https://t.me/cibsecurity/49536...
CVE-2022-35725
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Hans Matzen's wp-forecast plugin = 7.5 at WordPress...
CVE-2022-35725
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Hans Matzen's wp-forecast plugin = 7.5 at WordPress...
CVE-2022-35725 WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Hans Matzen's wp-forecast plugin = 7.5 at WordPress...
CVE-2022-35725
CVE-2022-35725 affects Hans Matzen’s WordPress plugin wp-forecast (versions
CVE-2022-35725 WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Hans Matzen's wp-forecast plugin = 7.5 at WordPress...
CVE-2020-35725
creationtimestamp | type | source
---|---|---
2021-01-11 07:45:06+00:00 | seen | https://t.me/cibsecurity/21884...
CVE-2020-35725
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-35725
Affected software: Quest Policy Authority 8.1.2.200. Issue: Reflected XSS enabling remote attackers to inject arbitrary script via a crafted link to /WebCM/index.jsp using the msg parameter. Root cause: user-supplied msg value reflected in the page, enabling code execution in the browser. Impact:...