CVE-2025-1572

CVE-2025-1572

Título es
CVE-2025-1572

Vie, 28/02/2025 – 08:15

Tipo
CWE-89

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-1572

Descripción en
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

28/02/2025

28/02/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias


  • https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/trunk/app/controllers/KCPatientController.php#L330

  • https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/trunk/app/controllers/KCPatientController.php#L331

  • https://plugins.trac.wordpress.org/changeset/3245759/

  • https://plugins.trac.wordpress.org/changeset/3245759/kivicare-clinic-management-system/trunk/app/controllers/KCPatientController.php

  • KiviCare – Clinic & Patient Management System (EHR)



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/eb6b0c35-b478-4616-a708-1fd243c95c14?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-54173

    CVE-2024-54173

    Título es
    CVE-2024-54173

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-1323

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-54173

    Descripción en
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183370

    • Enviar en el boletín
    Off

    CVE-2025-23225

    CVE-2025-23225

    Título es
    CVE-2025-23225

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-230

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23225

    Descripción en
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183372

    • Enviar en el boletín
    Off

    CVE-2025-0975

    CVE-2025-0975

    Título es
    CVE-2025-0975

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-150

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0975

    Descripción en
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://www.ibm.com/support/pages/node/7183467

    • Enviar en el boletín
    Off

    CVE-2025-0823

    CVE-2025-0823

    Título es
    CVE-2025-0823

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0823

    Descripción en
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183676

    • Enviar en el boletín
    Off

    CVE-2024-56340

    CVE-2024-56340

    Título es
    CVE-2024-56340

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-23

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56340

    Descripción en
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183676

    • Enviar en el boletín
    Off

    CVE-2025-1744

    CVE-2025-1744

    Título es
    CVE-2025-1744

    Vie, 28/02/2025 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1744

    Descripción en
    Out-of-bounds Write vulnerability in radareorg radare2 allows

    heap-based buffer over-read or buffer overflow.This issue affects radare2: before

    28/02/2025

    28/02/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    10.00

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/radareorg/radare2/pull/23969

    • Enviar en el boletín
    Off

    CVE-2024-13796

    CVE-2024-13796

    Título es
    CVE-2024-13796

    Vie, 28/02/2025 – 05:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-13796

    Descripción en
    The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/functions-rest.php?rev=3242718#L2055

  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3245187%40post-grid&new=3245187%40post-grid

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/0407223a-cd41-43d1-87b0-d6b83b57d4b3?source=cve

    • Enviar en el boletín
    Off

    CVE-2025-1505

    CVE-2025-1505

    Título es
    CVE-2025-1505

    Vie, 28/02/2025 – 05:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1505

    Descripción en
    The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://plugins.trac.wordpress.org/changeset/3245830/woocommerce-ajax-filters/trunk/includes/wizard.php

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/94b289bf-0ef1-47d1-98bd-8f7bb753c2bc?source=cve

    • Enviar en el boletín
    Off

    CVE-2025-0801

    CVE-2025-0801

    Título es
    CVE-2025-0801

    Vie, 28/02/2025 – 05:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0801

    Descripción en
    The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official

  • RateMyAgent Official



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/b559017c-f1d2-4f18-bfb6-e52f05910e34?source=cve

    • Enviar en el boletín
    Off