CVE-2025-26054

Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting XSS via the "Description" field during LAN configuration...

CVE-2025-26055

An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function...

Infinxt iEdge 100 跨站脚本漏洞

Infinxt iEdge 100 is a next-generation secure SD-WAN appliance for small and medium-sized branch offices from Infinxt. A cross-site scripting vulnerability exists in Infinxt iEdge 100 version 2.1.32, which originates from cross-site scripting in the description field in the LAN configuration...

CVE-2025-26054

CVE-2025-26054 affects Infinxt iEdge 100 (version 2.1.32). The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the Description field during LAN configuration, caused by unsanitized user-controlled input in that field. CVSS v3.1 base score 5.4 (Medium) with Network attack vector...

CVE-2020-36726 Ultimate Reviews < 2.1.33 - PHP Object Injection

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...

PT-2023-11868 · WordPress · The Ultimate Reviews

Name of the Vulnerable Software and Affected Versions: The Ultimate Reviews plugin for WordPress versions up to and including 2.1.32 Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in several vulnerable functions, as no POP cha...

CVE-2019-25066

A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading t...