121 matches found
CVE-2026-5125
A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gitdiff.baseref/gitdiff.files results in OS command injection. The attack is only possible with local...
CVE-2026-5125
creationtimestamp | type | source
---|---|---
2026-03-30 20:45:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3micjqk2t642d...
EUVD-2008-5125
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-5125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough...
WordPress Custom Post Carousels with Owl plugin < 1.4.12 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Custom Post Carousels with Owl versions 1.4.12...
CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS
The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it...
CVE-2025-5125
The CVE-2025-5125 entry affects the WordPress plugin “Custom Post Carousels with Owl”, specifically versions prior to 1.4.12. The root cause is unsanitized input in the data-featherlight attribute used by the Featherlight library, enabling a Stored XSS condition as described by multiple sources. ...
CVE-2011-5125
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method...
CVE-2024-5125
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...
CVE-2024-5125
creationtimestamp | type | source
---|---|---
2024-11-14 20:00:32+00:00 | seen | https://t.me/cvedetector/10983...
CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...
CVE-2019-5125
creationtimestamp | type | source
---|---|---
2024-02-05 11:17:01+00:00 | seen | https://t.me/ctinow/179131...
WordPress FormGet Contact Form Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: FormGet Contact Form; Type: Plugin; Vulnerable versions: <= 5.5.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5125; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6838d413b93d; Credits: Lana Codes; Required...
CVE-2023-5125
creationtimestamp | type | source
---|---|---
2023-09-23 17:16:08+00:00 | seen | https://t.me/cibsecurity/70963...
CVE-2023-5125
CVE-2023-5125 affects the WordPress plugin Contact Form by FormGet. It is a stored XSS via the formget shortcode in versions up to 5.5.5 due to insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with contributor-level permissions can inject ar...
CVE-2023-5125 Contact Form by FormGet <= 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
SUSE CVE-2017-5125
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
SUSE CVE-2018-5125
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firef...
Mageia: Security Advisory (MGASA-2017-0423)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2018-0338)
The remote host is missing an update for the...