CVE-2025-1488
The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect URL supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redire...
CVE-2025-1488 WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter
The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect URL supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redire...
WordPress plugin WPO365 MICROSOFT 365 GRAPH MAILER Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...
PT-2025-7762 · Unknown · Wp Social Seo Booster
Name of the Vulnerable Software and Affected Versions: WP Social SEO Booster – Knowledge Graph Social Signals SEO versions 1.2.0 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability...
fyrox-animation (=0.2.0), fyrox-graph (=0.1.0) +2 more potentially affected by unknown CVE via fyrox-core (=0.28.1)
fyrox-core CARGO version =0.28.1 is affected by a known vulnerability. The following packages have a transitive dependency on fyrox-core and may be impacted: fyrox-animation =0.2.0, fyrox-graph =0.1.0, fyrox-resource =0.12.0, fyrox-sound =0.35.0. Source CVEs: unknown CVE. Source advisory:...
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster i...
SUSE CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...
CVE-2025-1185
A vulnerability was found in pihome-shc PiHome 2.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?Ajax=GetModalSensorGraph. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...
DEBIAN-CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...
CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...
UBUNTU-CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...
PiHome Injection Vulnerability
PiHome is a home automation system by the individual developer of PiHomeHVAC. An injection vulnerability exists in PiHome version 2.0, which originates from a SQL injection vulnerability in /ajax.php?Ajax=GetModalSensorGraph...
Cacti Security Vulnerability
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti version 1.2.29, which stems from...
CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...
CVE-2025-26520
Cacti through 1.2.29 allows SQL injection in the template function in hosttemplates.php via the graphtemplate parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start. The graph walk attempts to follow all links, even if they are not between pads. This can cause a crash, especially when dealing with a MEDIA_LNK_FL_ANCILLARY_LINK link type. This issue...
CVE-2024-21632
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user, nor did it give or document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
ai.grakn:grakn (>=0.13.0 <=0.14.0), ai.grakn:grakn-client (>=0.13.0 <=0.14.0) +374 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=0.7.0-rc4 <=3.0.3)
org.apache.cassandra:cassandra-all MAVEN version =0.7.0-rc4, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.10.0, =0.13.0, =0.15.0, =0.6.1, =0.10.0 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...
The vulnerability of the graph creation function or graph template creation function of the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the graph creation function or graph template creation function in the Cacti network monitoring software is related to improper handling of line separators. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
Impact of Azure AD Graph Deprecation on Veeam Backup for Microsoft Azure
Challenge: Data protection of Azure services may fail using any version of Veeam Backup for Microsoft Azure below v6 build number 6.0.0.234. Cause: Starting February 1, 2025, Microsoft has retired Azure AD Graph. As a result, any application relying on Azure AD Graph will be unable to make requests...