53 matches found
CVE-2026-7725
creationtimestamp| type| source ---|---|--- 2026-05-04 07:05:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkz4b64huq2p...
CVE-2026-7725 PrefectHQ prefect GitRepository Pull storage.py argument injection
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
CVE-2026-7725
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
CVE-2026-7725
CVE-2026-7725 affects PrefectHQ Prefect up to 3.6.25.dev6. The flaw is in the GitRepository Pull Handler (src/prefect/runner/storage.py) where argument commit_sha/directories can be manipulated to cause argument injection. Remote exploitation is possible; the public exploit exists. A fix is avail...
CVE-2026-7725 PrefectHQ prefect GitRepository Pull storage.py argument injection
A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...
CVE-2019-7725
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...
Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-7725-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7725-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...
CVE-2025-7725
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to...
CVE-2025-7725 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to...
CVE-2025-7725
CVE-2025-7725 affects the WordPress plugin “Contest Gallery – Upload, Vote & Sell with PayPal and Stripe” (and related Photo/Contest Gallery suite). The vulnerability is a Stored Cross-Site Scripting (XSS) in the comment feature present in all versions up to and including 26.1.0, caused by insuff...
CVE-2025-7725 Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to...
WordPress Contest Gallery plugin <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Contest Gallery versions = 26.1.0...
Foxit PDF Editor < 11.2.11 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 11.2.11. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a...
Foxit PDF Editor for Mac < 13.1.4 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor for Mac application previously named Foxit PhantomPDF for Mac installed on the remote macOS host is prior to 13.1.4. It is, therefore affected by multiple vulnerabilities: - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability...
Foxit Reader Multiple Vulnerabilities (Aug 2024) - Windows
Foxit Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:reader";...
Foxit PhantomPDF Multiple Vulnerabilities (Aug 2024) - Windows
Foxit PhantomPDF is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:phantompdf";...
CVE-2024-7725
creationtimestamp| type| source ---|---|--- 2024-08-21 19:04:59+00:00| seen| https://t.me/cvedetector/3777...
CVE-2024-7725
CVE-2024-7725 is a Use-After-Free in Foxit PDF Editor/Reader AcroForm handling that can allow remote code execution after user opens a malicious file or visits a malicious page. The flaw stems from not validating the existence of an object before operations, enabling code execution in the process...
Ivanti Avalanche WLInfoRailService Integer Overflow Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information or create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLInfoRailService, which listens on...
worksmith_etcd (>=0.0.1 <=0.2.1) potentially affected by CVE-2020-7725 via worksmith (>=0.0.22 <=0.1.8)
worksmith NPM version =0.0.22, =0.0.1, =0.2.1 Source cves: CVE-2020-7725 Source advisory: OSV:GHSA-9829-JJ5P-J6HF...