29 matches found
CVE-2018-25285
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...
CVE-2018-25285 Fathom 2.4 Denial of Service via Authorization Code Buffer Overflow
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...
CVE-2018-25285 Fathom 2.4 Denial of Service via Authorization Code Buffer Overflow
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...
CVE-2018-25285
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...
CVE-2018-25285
Fathom 2.4 contains a buffer overflow in the Authorization Code field that can crash the application via an oversized input. An attacker with local access can trigger this by submitting a 6000-byte payload and activating it. CVSS metrics are provided (v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; ba...
EUVD-2018-21805
Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of...
Fathom security vulnerability
Fathom is an analysis tool developed by Fathom Inc. that processes website access data and provides privacy-friendly statistics. Version 2.4 of Fathom has a security vulnerability. This vulnerability stems from a buffer overflow in the Authorization Code field, which could allow local attackers t...
EUVD-2021-28837
Malicious code in bioql PyPI...
Malicious code in fathom-fox (npm)
Source: ghsa-malware ac1e7b59b9f2a49b04dac133e2367b50305f8105cbc53e45be4db10e1107daf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6159 Malicious code in fathom-fox (npm)
Source: ghsa-malware ac1e7b59b9f2a49b04dac133e2367b50305f8105cbc53e45be4db10e1107daf3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fathom Analytics < 3.1.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
WordPress Fathom Analytics Plugin < 3.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Fathom Analytics; Type: Plugin; Vulnerable versions: < 3.1.0; Fixed in: 3.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); PSID: 30f046c6503f; Credits: WordFence; Required privilege...
com.gitblit.fathom:fathom-integration-test (>=0.5.0 <=1.0.1), com.gitblit.fathom:fathom-mailer (>=0.5.0 <=1.0.1) +72 more potentially affected by CVE-2018-18240 via ro.pippo:pippo-core (>=0.4.0 <=1.11.0)
ro.pippo:pippo-core MAVEN version =0.4.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.2, =0.8.1, =0.8.4, =0.8.0, =0.8.0, =0.2.3, =0.4.0, =0.4.0, =1.11.0 and more Source cves: CVE-2018-18240 Source advisory: OSV:GHSA-H892-X453-86WC...
WordPress Fathom Analytics plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The Fathom Analytics plugin is an open-source WordPress plugin. A cross-site scripting vulnerability exists in the WordPress Fathom Analytics plugin, which originates in the...
CVE-2021-41836
The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...
CVE-2021-41836
The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...
Cross site scripting
The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...
CVE-2021-41836 Fathom Analytics <= 3.0.4 Authenticated Stored Cross-Site Scripting
The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...
CVE-2021-41836
CVE-2021-41836 details a Stored Cross-Site Scripting vulnerability in the WordPress Fathom Analytics plugin. The issue stems from insufficient input validation/escaping of the $site_id parameter in the file ~/fathom-analytics.php, exploitable by an attacker with administrative access to inject ar...
CVE-2021-41836 Fathom Analytics <= 3.0.4 Authenticated Stored Cross-Site Scripting
The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versio...