
16575 matches found

Cvelist
added 2025/07/29 12:22 p.m. · 11 views

CVE-2025-6175 CRLF Injection in DECE Software's Geodi

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVSS 7.2 · EPSS 0.00201
Exploits 0 · References 2
CVE
added 2025/07/29 12:22 p.m. · 14 views

CVE-2025-6175

CVE-2025-6175 describes an Improper Neutralization of CRLF Sequences (CRLF Injection) in DECE Software Geodi that allows HTTP Request Splitting. Affected product: DECE Software Geodi (before GEODI Setup 9.0.146). Root cause documented as improper CRLF handling, enabling split requests. Impact not...

CVSS 7.2 · AI score 5.2 · EPSS 0.00201
Exploits 0 · References 2
Vulnrichment
added 2025/07/29 12:22 p.m. · 4 views

CVE-2025-6175 CRLF Injection in DECE Software's Geodi

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146...

CVSS 7.2 · AI score 5.5 · EPSS 0.00201
Exploits 0 · References 2
Positive Technologies
added 2025/07/29 12:0 a.m. · 3 views

PT-2025-31198 · Dece · Geodi

Name of the Vulnerable Software and Affected Versions: DECE Software Geodi versions prior to 9.0.146
Description: The software contains an Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability, which allows for HTTP Request Splitting.
Recommendations: Update to GEODI Setup...

CVSS 7.2 · AI score 6.6 · EPSS 0.00201
Exploits 0 · References 5
NVD
added 2025/07/28 2:15 p.m. · 5 views

CVE-2025-24485

A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 7.5 · EPSS 0.00509
Exploits 1 · References 2
Positive Technologies
added 2025/07/28 12:0 a.m. · 3 views

PT-2025-31100 · Unknown · Meddream Pacs Premium

Name of the Vulnerable Software and Affected Versions: MedDream PACS Premium version 7.3.5.860
Description: A server-side request forgery issue exists in the cecho.php functionality. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger...

CVSS 5.8 · AI score 6.3 · EPSS 0.00509
Exploits 1 · References 3
RedhatCVE
added 2025/07/26 3:25 p.m. · 17 views

CVE-2025-41420

A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

CVSS 9.6 · AI score 6.7 · EPSS 0.01077
Exploits 1 · References 1
RedhatCVE
added 2025/07/26 3:25 p.m. · 4 views

CVE-2025-46410

A cross-site scripting (XSS) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to...

CVSS 9.6 · AI score 6.7 · EPSS 0.00726
Exploits 1 · References 1
RedhatCVE
added 2025/07/26 3:25 p.m. · 1 view

CVE-2025-36548

A cross-site scripting (XSS) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigg...

CVSS 9.6 · AI score 6.7 · EPSS 0.00962
Exploits 1 · References 1
RedhatCVE
added 2025/07/26 3:25 p.m. · 18 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

CVSS 9.6 · AI score 6.7 · EPSS 0.00732
Exploits 1 · References 1
RedhatCVE
added 2025/07/26 3:25 p.m. · 6 views

CVE-2025-48732

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability...

CVSS 9.8 · AI score 7.9 · EPSS 0.01065
Exploits 1 · References 1
NVD
added 2025/07/24 4:15 p.m. · 3 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

CVSS 9.6 · EPSS 0.00732
Exploits 1 · References 2
NVD
added 2025/07/24 4:15 p.m. · 3 views

CVE-2025-48732

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability...

CVSS 9.8 · EPSS 0.01065
Exploits 1 · References 2
OSV
added 2025/07/24 4:15 p.m. · 3 views

CVE-2025-48732

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability...

CVSS 9.8 · AI score 7.8
Exploits 0 · References 2
OSV
added 2025/07/24 4:15 p.m. · 2 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

CVSS 6.1 · AI score 6.6
Exploits 0 · References 2
OSV
added 2025/07/24 4:15 p.m. · 2 views

CVE-2025-53084

A cross-site scripting (XSS) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerabili...

CVSS 6.1 · AI score 6.6
Exploits 0 · References 2
OSV
added 2025/07/24 4:15 p.m. · 2 views

CVE-2025-46410

A cross-site scripting (XSS) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to...

CVSS 6.1 · AI score 6.6
Exploits 0 · References 2
NVD
added 2025/07/24 4:15 p.m. · 3 views

CVE-2025-46410

A cross-site scripting (XSS) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to...

CVSS 9.6 · EPSS 0.00726
Exploits 1 · References 2
NVD
added 2025/07/24 4:15 p.m. · 1 view

CVE-2025-36548

A cross-site scripting (XSS) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigg...

CVSS 9.6 · EPSS 0.00962
Exploits 1 · References 2
CVE
added 2025/07/24 3:11 p.m. · 22 views

CVE-2025-46410

CVE-2025-46410 affects WWBN AVideo 14.4 and dev master commit 8a8954ff. Talos reports a reflected XSS in managerPlaylists.php via the PlaylistOwnerUsersId parameter due to insufficient input sanitization, enabling arbitrary JavaScript execution when a user visits a crafted page. The vulnerability...

CVSS 9.6 · AI score 6.1 · EPSS 0.00726
Exploits 1 · References 2 · Affected Software 1