CVE-2025-6059 - The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated attackers to perform several administrative actions, including deleting the cache, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-6059
CVE-2025-50150 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50150
CVE-2025-50149 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50149
CVE-2025-50148 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50148
CVE-2025-50147 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50147
CVE-2025-50146 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50146
CVE-2025-50145 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50145
CVE-2025-50144 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50144
CVE-2025-50143 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50143
CVE-2025-50142 - Rejected reason: Not used
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-50142
CVE-2025-33108 - IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system.
14/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-33108
CVE-2025-25215 - An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25215
CVE-2025-24919 - A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24919
CVE-2025-6083 - In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-6083
CVE-2025-49598 - conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling meta.yaml can inject malicious code into the version assignment, which is executed during file processing, leading to arbitrary code execution. Exploitation requires an attacker to modify the recipe file by manipulating the RECIPE_DIR variable and introducing a malicious meta.yaml file. While this is more feasible in CI/CD pipelines, it is uncommon in typical environments, reducing overall risk. This vulnerability is fixed in 4.15.0.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49598
CVE-2025-25050 - An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25050
CVE-2025-24922 - A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24922
CVE-2025-24311 - An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24311
CVE-2025-49597 - handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49597
CVE-2025-49596 - The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49596
CVE-2025-49587 - XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification displayer executes Velocity, the existing generic analyzer already warns admins before editing Velocity code. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9; before that version, this was a known issue and the advice was simply to be careful. This vulnerability has been patched in XWiki 15.10.16, 16.4.7, and 16.10.2 by adding a required rights analyzer that warns the admin before editing about the possibly malicious code.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49587
CVE-2025-49586 - XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all XWiki users) can obtain programming right and perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49586
CVE-2025-49585 - XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), and that same document is later edited by a user with script, admin, or programming right, malicious code could be executed with the rights of the editing user without prior warning. In particular, this concerns custom display code, the script of computed properties and queries in database list properties. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9; before that version, this was a known issue and the advice was simply to be careful. This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49585
CVE-2025-49584 - XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, which is the default for an XWiki installation. This allows an attacker to get titles of pages whose reference is known, one title per request. This doesn't affect fully private wikis as the REST endpoint checks access rights on the XClass definition. The impact on confidentiality depends on the strategy for page names. By default, page names match the title, so the impact should be low, but if page names are intentionally obfuscated because the titles are sensitive, the impact could be high. This has been fixed in XWiki 16.4.7, 16.10.3 and 17.0.0 by adding access control checks before getting the title of any page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49584
CVE-2025-49583 - XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9; before that version, this was a known issue and the advice was simply to be careful. This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49583
CVE-2025-49582 - XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. The required rights analyzers that trigger these warnings are incomplete, allowing an attacker to hide malicious content. For most macros, the existing analyzers don't consider non-lowercase parameters. Further, most macro parameters that can contain XWiki syntax like titles of information boxes weren't analyzed at all. Similarly, the "source" parameters of the content and context macro weren't analyzed even though they could contain arbitrary XWiki syntax. In the worst case, this could allow a malicious user to add malicious script macros including Groovy or Python macros to a page that are then executed after another user with programming rights edits the page, thus allowing remote code execution. The required rights analyzers have been made more robust and extended to cover those cases in XWiki 16.4.7, 16.10.3 and 17.0.0.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49582
CVE-2025-6052 - A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn't. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-6052
CVE-2025-6035 - A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-6035
CVE-2025-49581 - XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the children macro that is used in a page that has programming right like the page XWiki.ChildrenMacro and thus allows arbitrary script macros. This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro's author when the parameter's value is the default value.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49581
CVE-2025-49580 - XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49580
CVE-2025-48920 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS). This issue affects etracker: from 0.0.0 before 3.1.0.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48920
CVE-2025-48919 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48919
CVE-2025-48918 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48918
CVE-2025-48917 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS). This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48917
CVE-2025-48916 - Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing. This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48916
CVE-2025-48915 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48915
CVE-2025-48914 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48914
CVE-2025-6030 - Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack.
Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-6030
CVE-2025-6029 - Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.
Manufacturer is unknown at the time of release. CVE Record will be updated once this is clarified.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-6029
CVE-2025-36633 - In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-36633
CVE-2025-36631 - In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-36631
CVE-2025-28389 - Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28389
CVE-2025-28388 - OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28388
CVE-2025-28386 - A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28386
CVE-2025-28384 - An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28384
CVE-2025-28382 - An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28382
CVE-2025-28381 - A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28381
CVE-2025-28380 - A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28380
CVE-2025-46096 - Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-46096
CVE-2025-46060 - Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-46060
CVE-2025-45988 - Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bs_SetCmd function.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-45988
CVE-2025-45987 - Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-45987
CVE-2025-45986 - Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the mac parameter in the bs_SetMacBlack function.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-45986
CVE-2025-45985 - Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-45985
CVE-2025-45984 - Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via the routepwd parameter in the sub_45B238 function.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-45984
CVE-2025-49468 - A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-49468
CVE-2025-29902 - Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-29902
CVE-2025-48825 - RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contain an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop on upgrade requests and execute a malicious DLL with custom code.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-48825
CVE-2025-46783 - Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-46783
CVE-2025-36506 - External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-36506
CVE-2025-6012 - The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-6012
CVE-2025-39240 - Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-39240
CVE-2024-38824 - Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38824
CVE-2025-5923 - The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'className' parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5923
CVE-2025-22242 - Worker process denial of service through file read operation. A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerability by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22242
CVE-2025-22241 - File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22241
CVE-2025-22240 - Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file the Master's process has permissions to.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22240
CVE-2025-22239 - Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by an authorized minion to send arbitrary events onto the master's event bus.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22239
CVE-2025-22238 - Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22238
CVE-2025-22237 - An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22237
CVE-2025-22236 - Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22236
CVE-2024-38825 - The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38825
CVE-2024-38823 - Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38823
CVE-2024-38822 - Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38822
CVE-2025-4229 - An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4229
CVE-2025-4227 - An improper access control vulnerability in the Endpoint Traffic Policy Enforcement (https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement) feature of the Palo Alto Networks GlobalProtect™ app allows certain packets to remain unencrypted instead of being properly secured within the tunnel.
An attacker with physical access to the network can inject rogue devices to intercept these packets. Under normal operating conditions, the GlobalProtect app automatically recovers from this interception within one minute.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4227
CVE-2025-5815 - The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disable bot logging.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5815
CVE-2025-5282 - The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5282
CVE-2025-5950 - The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kind' parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5950
CVE-2025-5939 - The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5939
CVE-2025-5938 - The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5938
CVE-2025-5930 - The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5930
CVE-2025-5928 - The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the wp_sliding_panel_user_options() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5928
CVE-2025-5926 - The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5926
CVE-2025-5841 - The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5841
CVE-2025-5491 - Acer ControlCenter contains a Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5491
CVE-2025-5288 - The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5288
CVE-2025-5233 - The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hex' parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5233
CVE-2025-5123 - The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-5123
CVE-2025-4586 - The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4586
CVE-2025-4585 - The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4585
CVE-2025-4584 - The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4584
CVE-2025-47959 - Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-47959
CVE-2025-30399 - Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30399
CVE-2025-4232 - An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non-administrative user to escalate their privileges to root.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4232
CVE-2025-4231 - A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4231
CVE-2025-4230 - A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.
The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4230
CVE-2025-4228 - An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.
13/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4228
CVE-2025-4233 - An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.
12/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-4233
CVE-2025-41234 - Description
In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.
Specifically, an application is vulnerable when all the following are true:
* The header is prepared with org.springframework.http.ContentDisposition.
* The filename is set via ContentDisposition.Builder#filename(String, Charset).
* The value for the filename is derived from user-supplied input.
* The application does not sanitize the user-supplied input.
* The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).
An application is not vulnerable if any of the following is true:
* The application does not set a “Content-Disposition” response header.
* The header is not prepared with org.springframework.http.ContentDisposition.
* The filename is set via one of:
  * ContentDisposition.Builder#filename(String), or
  * ContentDisposition.Builder#filename(String, ASCII)
* The filename is not derived from user-supplied input.
* The filename is derived from user-supplied input but sanitized by the application.
* The attacker cannot inject malicious content in the downloaded content of the response.
Affected Spring Products and Versions
Spring Framework:
* 6.2.0 - 6.2.7
* 6.1.0 - 6.1.20
* 6.0.5 - 6.0.28
* Older, unsupported versions are not affected
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.

| Affected version(s) | Fix version | Availability |
|---|---|---|
| 6.2.x | 6.2.8 | OSS |
| 6.1.x | 6.1.21 | OSS |
| 6.0.x | 6.0.29 | Commercial (https://enterprise.spring.io/) |

No further mitigation steps are necessary.
CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.
12/06/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-41234
Recently modified advisories
CVE-2025-44091 - yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-44091
CVE-2025-49186 - The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-49186
CVE-2025-49182 - Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-49182
CVE-2022-4976 - Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities.
The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2022-4976
CVE-2025-46988 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46988
CVE-2025-46987 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46987
CVE-2025-46986 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46986
CVE-2025-46985 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46985
CVE-2025-46984 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46984
CVE-2025-46983 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46983
CVE-2025-46982 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46982
CVE-2025-46981 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46981
CVE-2025-46979 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46979
CVE-2025-46978 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46978
CVE-2025-46977 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46977
CVE-2025-46976 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46976
CVE-2025-46975 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46975
CVE-2025-46974 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46974
CVE-2025-46973 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46973
CVE-2025-46972 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46972
CVE-2025-46971 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46971
CVE-2025-46970 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46970
CVE-2025-46968 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46968
CVE-2025-46967 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46967
CVE-2025-46966 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46966
CVE-2025-46965 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46965
CVE-2025-46964 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46964
CVE-2025-46963 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46963
CVE-2025-46960 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46960
CVE-2025-46957 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46957
CVE-2025-46956 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46956
CVE-2025-46955 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46955
CVE-2025-46954 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46954
CVE-2025-46953 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46953
CVE-2025-46952 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46952
CVE-2025-46951 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46951
CVE-2025-46950 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46950
CVE-2025-46949 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46949
CVE-2025-46948 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46948
CVE-2025-46947 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46947
CVE-2025-46946 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46946
CVE-2025-46945 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46945
CVE-2025-46944 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46944
CVE-2025-46943 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46943
CVE-2025-46942 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46942
CVE-2025-46941 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46941
CVE-2025-46940 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46940
CVE-2025-46939 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46939
CVE-2025-46935 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46935
CVE-2025-46934 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
13/06/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-46934