CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

CVE-2025-5251

creationtimestamp| type| source ---|---|--- 2025-05-27 17:47:31+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq6antmxaxj2 2025-05-27 17:48:48+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17681...

CVE-2025-5251 PHPGurukul News Portal Project edit-subcategory.php sql injection

A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVE-2024-5251

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

CVE-2019-5251

There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information...

CVE-2010-5251

Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse 1 nnoteswc.dll or 2 nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this...

CVE-2020-5251

In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...

CVE-2024-5251 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

CVE-2024-5251

CVE-2024-5251 describes a Stored Cross-Site Scripting vulnerability in Ultimate Addons for WPBakery Page Builder (WordPress). The issue affects all versions up to and including 3.19.20, caused by insufficient input sanitization and output escaping in the ultimate_pricing shortcode attributes. Exp...

WordPress Ultimate Addons for WPBakery Page Builder Plugin <= 3.19.20 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Addons for WPBakery Page Builder Type Plugin Vulnerable versions = 3.19.20 Fixed in 3.19.20.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 581cfa0b62a8...

CVE-2019-5251

creationtimestamp| type| source ---|---|--- 2024-03-12 09:11:30+00:00| seen| https://t.me/ctinow/205410...

Rocky Linux 9 : pcre2 (RLSA-2022:5251)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5251 advisory. - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This...

CVE-2023-5251

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...

CVE-2023-5251

The CVE-2023-5251 entry concerns the Grid Plus WordPress plugin. The issue is a missing capability check in grid_plus_save_layout_callback and grid_plus_delete_callback, affecting versions up to and including 1.3.2. This allows authenticated users with subscriber privileges or higher to add, upda...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : GEGL vulnerability (USN-5251-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5251-1 advisory. It was discovered that GEGL incorrectly filtered and escaped file path input data when using the C system function for execution of the...

CVE-2013-5251

creationtimestamp| type| source ---|---|--- 2023-09-14 22:31:07+00:00| seen| https://t.me/cibsecurity/70498...

CVE-2013-5251

Rejected reason: This candidate is unused by its CNA...

italoon.it Cross Site Scripting vulnerability OBB-3281108

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE CVE-2012-5251

Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK...