CyberSecurityBoard
Sponsor Register Login

CVE-2025-2194

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Publication date: Tue, 11 Mar 2025 13:31:00 +0000


Cyber News related to CVE-2025-2194

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
1 month ago Cybersecuritynews.com CVE-2024-5594
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
2 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
3 weeks ago Bleepingcomputer.com CVE-2025-30456
CVE-2025-2194 - A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads ...
1 month ago
CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data - In an era where file system vulnerabilities comprise 23% of KEV entries, the March 2025 advisories serve as a stark reminder: patch, segment, and verify—before attackers exploit the gaps. These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993, ...
1 month ago Cybersecuritynews.com CVE-2025-24984
CVE-2002-2194 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1589. Reason: This candidate is a duplicate of CVE-2002-1589. Notes: All CVE users should reference CVE-2002-1589 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com
CVE-2013-2196 - Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not ...
10 years ago
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors - Vulnerabilities in three WordPress plugins are being exploited to inject malicious scripts and backdoors into websites, according to a warning from Fastly. The flaws can be exploited to execute unauthenticated stored cross-site scripting attacks, ...
10 months ago Securityweek.com CVE-2024-2194 CVE-2023-6961 CVE-2023-40000
CVE-2017-2194 - Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago
CVE-2009-2194 - Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related ...
7 years ago
CVE-2011-2194 - Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer ...
7 years ago
CVE-2008-2194 - SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter. ...
7 years ago
CVE-2007-2194 - Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. ...
7 years ago
CVE-2012-2194 - Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. ...
7 years ago
CVE-2006-2194 - The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user ...
5 years ago
CVE-2021-2194 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via ...
2 years ago
CVE-2004-2194 - MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands. ...
16 years ago
CVE-2011-4142 - The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these ...
13 years ago
CVE-2014-2194 - system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity. ...
10 years ago
CVE-2013-2194 - Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. ...
10 years ago
CVE-2015-2194 - Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save ...
8 years ago
CVE-2016-2194 - The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. ...
7 years ago
CVE-2005-2194 - Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. ...
7 years ago
CVE-2019-2194 - In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ...
4 years ago
CVE-2022-2194 - The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)