54 matches found
MINI-F8JV-3925-X4JX
Bulletin has no description...
PT-2026-24873
CVE-2026-3925 Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. C… https://t.co/XnxsUXtXOT...
EUVD-2026-3925
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Muji muji allows PHP Local File Inclusion. This issue affects Muji: from n/a through <= 1.2.0...
ECHO-C681-3925-0A88
Bulletin has no description...
CVE-2019-3925
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
CVE-2025-3925
creationtimestamp | type | source
---|---|---
2025-05-06 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03
2025-05-07 21:25:57+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lomdj37jw7a2
2025-05-08...
CVE-2024-3925 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.11 due to insufficient input sanitization a...
CVE-2024-3925
CVE-2024-3925 – Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerable until 5.6.7 per CVE record; stored XSS via Creative Button widget occurs with authenticated attackers at contributor level or higher. Connected sources confirm the is...
WordPress Element Pack Elementor Addons Plugin <= 5.6.11 is vulnerable to Cross Site Scripting (XSS)
Field | Value
---|---
Software | Element Pack Elementor Addons
Type | Plugin
Vulnerable versions | <= 5.6.11
Fixed in | 5.6.12
OWASP Top 10 | A7: Cross-Site Scripting (XSS)
Classification | Cross Site Scripting (XSS)
CVE | CVE-2024-3925
Patch priority | Low
CVSS severity | Low 6.5
Developer | Claim ownership
PSID | 34b396a49d6c
Credits | Ngô Thiê...
CVE-2022-3925
creationtimestamp | type | source
---|---|---
2022-12-12 20:20:59+00:00 | seen | https://t.me/cibsecurity/54336...
CVE-2022-3925
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2022-3925 Buddybadges <= 1.0.0 - Admin+ SQLi
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...
CVE-2022-3925
CVE-2022-3925 affects buddybadges WordPress plugin (versions
CVE-2017-3925
...
CVE-2020-3925
The CVE-2020-3925 entry concerns a Remote Code Execution vulnerability in some designated ServiSign security plugin applications. The connected CVEList document suggests a root-cause vector: RCE via LoadLibrary on Windows, implying a vulnerable component/function used by the ServiSign plugin. The...
CVE-2020-3925 ServiSign Windows Versions - Remote Code Execution via LoadLibrary
A Remote Code Execution (RCE) vulnerability exists in some designated applications in the ServiSign security plugin. As long as the interface is captured, attackers are able to launch RCE and execute arbitrary commands on the target system via maliciously crafted scripts...
CVE-2019-3925
CVE-2019-3925 affects Crestron AM-100 (firmware 1.6.0.2) and AM-101 (firmware 2.7.0.2). The vulnerability is a remote, unauthenticated command injection via SNMP with OID iso.3.6.1.4.1.3212.100.3.2.9.3, allowing an attacker to execute OS commands as root. Related Red Hat and CVE listings corrobor...
Ubuntu 14.04 LTS / 16.04 LTS : FreeImage vulnerability (USN-3925-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3925-1 advisory. It was discovered that an out-of-bounds write vulnerability existed in the XMP image handling functionality of the FreeImage library. If a user or...
Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability (CVE-2018-3925)
Summary: An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on...