CVE-2026-4725 vulnerabilities
Vulnerabilities for packages: firefox...
CVE-2026-4725
creationtimestamp | type | source
---|---|---
2026-03-25 00:00:50+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mhtruy3wcn2p
2026-03-25 03:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/mozilla-products-multiple-vulnerabilities20260325
2026-03-25 11:35:36+00:00 | ...
CVE-2026-4725
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-4725 Sandbox escape due to use-after-free in the Graphics: Canvas2D component
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-4725
CVE-2026-4725 describes a sandbox escape due to a use-after-free in the Graphics: Canvas2D component, affecting Firefox versions older than 149. The vulnerability impact is described in public CVE records; no exploitation details are provided in the connected documents. Affected software: Firefox...
CVE-2024-4725
A vulnerability has been found in Campcodes Legal Case Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/client_user. The manipulation of the argument f_name leads to cross site scripting. The attack can be launched...
CVE-2022-4725
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...
CVE-2005-4725
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID...
CVE-2025-4725 itsourcecode Placement Management System view_drive.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. This affects an unknown part of the file /view_drive.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-4725
The CVE-2024-4725 entry describes a cross-site scripting vulnerability in Campcodes Legal Case Management System 1.0, triggered by manipulating the f_name parameter in the /admin/client_user endpoint. The issue is exploitable remotely, and public disclosure is noted. The affected component is an ...
CVE-2023-4725
CVE-2023-4725 affects the WordPress plugin Simple Posts Ticker prior to version 1.1.6. The issue is that certain settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., administrators) even when the unfiltered_html capability is disallowed (such as in multi...
CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS
The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
WordPress Simple Posts Ticker Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software | Simple Posts Ticker
---|---
Type | Plugin
Vulnerable versions | 1.1.6
Fixed in | 1.1.6
OWASP Top 10 | A7: Cross-Site Scripting (XSS)
Classification | Cross Site Scripting (XSS)
CVE | CVE-2023-4725
Patch priority | Low
CVSS severity | Low (5.9)
PSID | fb8f01332256
Credits | Dmitrii Ignatyev...
CVE-2018-4725
Rejected reason: This candidate is unused by its CNA...
CVE-2022-4725
creationtimestamp | type | source
---|---|---
2022-12-27 18:13:33+00:00 | seen | https://t.me/cibsecurity/55411...
CVE-2022-4725
The CVE-2022-4725 entry concerns the XML Parser component of the AWS Android SDK core, specifically the XpathUtils function in XpathUtils.java. Manipulation of this function leads to server-side request forgery (SSRF). The issue is fixed by upgrading from version 2.59.0 to 2.59.1; the patch id...
CVE-2022-4725 AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...
CVE-2020-4725
IBM Monitoring IBM Cloud APM 8.1.4 could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974...