47 matches found
CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal
A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...
MAL-2025-7085 Malicious code in @antwiib001/modi-corporis-laudantium (npm)
The package @antwiib001/modi-corporis-laudantium was found to contain malicious code...
CVE-2025-7085
A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The attack may be initiat...
CVE-2025-7085 Belkin F9K1122 webs formiNICWpsStart stack-based overflow
A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The attack may be initiat...
CVE-2024-7085
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions...
CVE-2024-7085
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions...
CVE-2024-7085
creationtimestamp | type | source
---|---|---
2025-01-15 16:54:42+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/1798
2025-01-15 17:16:28+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfsbfbowxv2s
2025-01-15 19:18:48+00:00 | seen | https://t.me/cvedetector/15493...
CVE-2024-7085 Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM).
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions...
CVE-2024-7085 Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM).
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions...
CVE-2024-7085
The CVE-2024-7085 issue affects OpenText Solutions Business Manager (SBM) prior to or up to version 12.2.1. It is a Stored XSS caused by improper neutralization of input during web page generation, exposing private information to unauthorized actors. Documented impact is exposure of private infor...
Ubuntu: Security Advisory (USN-7085-2)
The remote host is missing an update for the...
WordPress Scalable Vector Graphics (SVG) Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Scalable Vector Graphics (SVG); Type: Plugin; Vulnerable versions: <= 3.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-7085; Patch priority: Low; CVSS severity: Low (5.9); PSID: 893df7114366; Credits: Bob Matyas...
CVE-2023-7085
The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-7085
The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-7085 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG
The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-7085
CVE-2023-7085 affects the SVG WordPress plugin up to version 3.4, where uploaded SVG files are not sanitized, enabling stored XSS via SVGs submitted by users with Author+ privileges. Root cause: lack of sanitization in SVG upload handling. Impact per sources: XSS payloads could be processed in th...
CVE-2023-7085 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG
The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
Security Updates for Microsoft Office Products C2R (March 2020)
The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabili...
CVE-2018-7085
...
CVE-2018-7085
CVE-2018-7085 is rejected/not used; this entry does not represent an active vulnerability.