CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
CVSS Score : 4.5
Exploit Availability: Not available
CVE-2025-26789
An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment.
CVSS Score : 6.9
Exploit Availability: Not available
CVE-2025-26788
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.
CVSS Score : 8.4
Exploit Availability: Not available
CVE-2025-26524
This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, which could lead to OTP bombing/flooding on the targeted system.
CVSS Score : 5.1
Exploit Availability: Not available
CVE-2025-26523
This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other user accounts.
CVSS Score : 7.4
Exploit Availability: Not available
CVE-2025-26522
This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses.
Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.
CVSS Score : 7.5
Exploit Availability: Not available
CVE-2025-26519
musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.
CVSS Score : 8.1
Exploit Availability: Not available
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.
CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25988
Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.
CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25745
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.
CVSS Score : 8.8
Exploit Availability: Not available
CVE-2025-25740
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.
CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-24700
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through 1.8.2.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24699
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24692
Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24688
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.20.0.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24641
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API allows Stored XSS. This issue affects Better WishList API: from n/a through 1.1.3.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24617
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through n/a.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24616
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder allows Reflected XSS. This issue affects Uix Page Builder: from n/a through 1.7.3.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24615
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat allows Reflected XSS. This issue affects Analytics Cat: from n/a through 1.1.2.
CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-24614
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agileLogix Post Timeline allows Reflected XSS. This issue affects Post Timeline: from n/a through 2.3.9.
CVSS Score : 7.1
Exploit Availability: Not available

