Lucene search
K

54 matches found

Chainguard
Chainguard
added 6 days ago4 views

GHSA-3X8C-3563-5425 vulnerabilities

Vulnerabilities for packages: chromium...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/07 3:45 p.m.7 views

MINI-5425-F62X-M4VG

Bulletin has no description...

9.1CVSS5.2AI score0.00373EPSS
Exploits0
Circl
Circl
added 2026/04/04 11:15 a.m.6 views

CVE-2026-5425

creationtimestamp| type| source ---|---|--- 2026-04-04 11:15:30+00:00| seen| Telegram/gVbA1acGlW-fyY5rGlXdxs5pj98sQBeJD9ssu2cbcQUWpFQ 2026-04-04 12:28:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mioacgoemc2s 2026-04-05 07:30:28+00:00| seen|...

7.2CVSS4.8AI score0.00233EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/04 8:25 a.m.3 views

CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feeddata' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6.1AI score0.00233EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 2:43 p.m.1 views

MINI-M5X8-5425-F625

Bulletin has no description...

5.1AI score
Exploits0
OSV
OSV
added 2025/08/10 8:42 a.m.1 views

MINI-PF64-5425-R69V

Bulletin has no description...

4.3CVSS7.2AI score0.03284EPSS
Exploits0
Circl
Circl
added 2025/06/02 4:5 a.m.16 views

CVE-2025-5425

creationtimestamp| type| source ---|---|--- 2025-06-02 04:05:57+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqlvk4pyl6n2...

6.5CVSS7AI score0.00365EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:52 a.m.5 views

CVE-2024-5425

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.10 views

CVE-2023-5425

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpchangeusermeta and pmdmwpchangepostmeta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with...

8.8CVSS6.7AI score0.00536EPSS
Exploits0References1
NVD
NVD
added 2024/06/07 4:15 a.m.18 views

CVE-2024-5425

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.0034EPSS
Exploits0References5
CVE
CVE
added 2024/06/07 3:21 a.m.49 views

CVE-2024-5425

CVE-2024-5425 affects the WP jQuery Lightbox plugin for WordPress. It allows stored XSS via the title attribute in all versions up to 1.5.4 due to insufficient input sanitization and output escaping. Exploitation requires authentication at Contributor level or higher, enabling injected scripts to...

6.4CVSS5.5AI score0.0034EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/10/31 2:45 a.m.6 views

SUSE CVE-2016-5425

The Tomcat package on Red Hat Enterprise Linux RHEL 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group...

7.8CVSS9.6AI score0.03782EPSS
Exploits8References4
Circl
Circl
added 2023/10/28 4:17 p.m.6 views

CVE-2023-5425

creationtimestamp| type| source ---|---|--- 2023-10-28 16:17:50+00:00| seen| https://t.me/cibsecurity/73107...

8.8CVSS7.3AI score0.00536EPSS
Exploits0References1
NVD
NVD
added 2023/10/28 12:15 p.m.16 views

CVE-2023-5425

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpchangeusermeta and pmdmwpchangepostmeta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with...

8.8CVSS8.6AI score0.00536EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/10/27 12:0 a.m.15 views

WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5425 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1def5cff52bd Credits Francesco Carlucci...

8.8CVSS6.5AI score0.00536EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/14 12:0 a.m.13 views

Debian DSA-5425-1 : php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5425 advisory. It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use...

5.5AI score
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2023/03/17 7:33 p.m.69 views

Metasploit Weekly Wrap-Up

FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...

7.2CVSS0.2AI score0.99815EPSS
Exploits18
Packet Storm
Packet Storm
added 2023/03/14 12:0 a.m.521 views

Apache Tomcat Privilege Escalation

This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation', 'Description' = %q This module exploits a vulnerability in...

7.8CVSS0.5AI score0.03782EPSS
Exploits8
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 10:39 p.m.20 views

Security Bulletin: Potential Security Vulnerability fixed in WebSphere Virtual Enterprise (CVE-2013-5425)

Abstract Potential Security vulnerability fixed in WebSphere Virtual Enterprise Content VULNERABILITY DETAILS: CVE ID:CVE-2013-5425PM93828 DESCRIPTION: IBM WebSphere Virtual Enterprise may be vulnerable to cross-site scripting in the Administration Console caused by improper validation of...

3.5CVSS8.9AI score0.01433EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/17 12:0 a.m.91 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : PCRE vulnerabilities (USN-5425-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5425-1 advisory. Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker coul...

7.5CVSS6.9AI score0.04182EPSS
Exploits0References3
Rows per page
Query Builder