54 matches found
GHSA-3X8C-3563-5425 vulnerabilities
Vulnerabilities for packages: chromium...
MINI-5425-F62X-M4VG
Bulletin has no description...
CVE-2026-5425
creationtimestamp| type| source ---|---|--- 2026-04-04 11:15:30+00:00| seen| Telegram/gVbA1acGlW-fyY5rGlXdxs5pj98sQBeJD9ssu2cbcQUWpFQ 2026-04-04 12:28:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mioacgoemc2s 2026-04-05 07:30:28+00:00| seen|...
CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data
The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
MINI-M5X8-5425-F625
Bulletin has no description...
MINI-PF64-5425-R69V
Bulletin has no description...
CVE-2025-5425
creationtimestamp| type| source ---|---|--- 2025-06-02 04:05:57+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqlvk4pyl6n2...
CVE-2024-5425
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2023-5425
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpchangeusermeta and pmdmwpchangepostmeta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with...
CVE-2024-5425
The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-5425
CVE-2024-5425 affects the WP jQuery Lightbox plugin for WordPress. It allows stored XSS via the title attribute in all versions up to 1.5.4 due to insufficient input sanitization and output escaping. Exploitation requires authentication at Contributor level or higher, enabling injected scripts to...
SUSE CVE-2016-5425
The Tomcat package on Red Hat Enterprise Linux RHEL 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group...
CVE-2023-5425
creationtimestamp| type| source ---|---|--- 2023-10-28 16:17:50+00:00| seen| https://t.me/cibsecurity/73107...
CVE-2023-5425
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpchangeusermeta and pmdmwpchangepostmeta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with...
WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control
Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5425 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1def5cff52bd Credits Francesco Carlucci...
Debian DSA-5425-1 : php8.2 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5425 advisory. It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use...
Metasploit Weekly Wrap-Up
FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...
Apache Tomcat Privilege Escalation
This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation', 'Description' = %q This module exploits a vulnerability in...
Security Bulletin: Potential Security Vulnerability fixed in WebSphere Virtual Enterprise (CVE-2013-5425)
Abstract Potential Security vulnerability fixed in WebSphere Virtual Enterprise Content VULNERABILITY DETAILS: CVE ID:CVE-2013-5425PM93828 DESCRIPTION: IBM WebSphere Virtual Enterprise may be vulnerable to cross-site scripting in the Administration Console caused by improper validation of...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : PCRE vulnerabilities (USN-5425-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5425-1 advisory. Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker coul...