CVE-2025-2965

CVE-2025-2965

Título es
CVE-2025-2965

Dom, 30/03/2025 – 23:15

Tipo
CWE-79

Gravedad v2.0
4.00

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-2965

Descripción en
A vulnerability has been found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this vulnerability is the function Save of the component Accordion Block Handler. The manipulation of the argument Title/Body Source leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

31/03/2025
31/03/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:P/A:N

Gravedad 4.0
5.10

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
3.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW

Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc3.md

  • https://vuldb.com/?ctiid_302017=

  • https://vuldb.com/?id_302017=

  • https://vuldb.com/?submit_522415=

    • Enviar en el boletín
    Off

    CVE-2025-2966

    CVE-2025-2966

    Título es
    CVE-2025-2966

    Lun, 31/03/2025 – 00:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2966

    Descripción en
    A vulnerability was found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this issue is the function Save of the component Content Block Handler. The manipulation of the argument Source leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc4.md

  • https://vuldb.com/?ctiid_302018=

  • https://vuldb.com/?id_302018=

  • https://vuldb.com/?submit_522416=

    • Enviar en el boletín
    Off

    CVE-2025-2968

    CVE-2025-2968

    Título es
    CVE-2025-2968

    Lun, 31/03/2025 – 01:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2968

    Descripción en
    A vulnerability was found in ConcreteCMS up to 9.3.9. It has been declared as problematic. This vulnerability affects the function Save of the component Feature Block Handler. The manipulation of the argument Paragraph Source leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc6.md

  • https://vuldb.com/?ctiid_302020=

  • https://vuldb.com/?id_302020=

  • https://vuldb.com/?submit_522418=

    • Enviar en el boletín
    Off

    CVE-2025-2967

    CVE-2025-2967

    Título es
    CVE-2025-2967

    Lun, 31/03/2025 – 01:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2967

    Descripción en
    A vulnerability was found in ConcreteCMS up to 9.3.9. It has been classified as problematic. This affects the function Save of the component HTML Block Handler. The manipulation of the argument content leads to HTML injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md

  • https://vuldb.com/?ctiid_302019=

  • https://vuldb.com/?id_302019=

  • https://vuldb.com/?submit_522417=

    • Enviar en el boletín
    Off

    CVE-2025-2958

    CVE-2025-2958

    Título es
    CVE-2025-2958

    Dom, 30/03/2025 – 20:15

    Tipo
    CWE-404

    Gravedad v2.0
    6.10

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2958

    Descripción en
    A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    30/03/2025
    30/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:A/AC:L/Au:N/C:N/I:N/A:C

    Gravedad 4.0
    7.10

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://docs.google.com/document/d/1DHUsUpeizmqFbJe_0SjsJvCFspPeFDaK/edit#heading=h.gjdgxs

  • https://drive.google.com/file/d/1SbZ63uqg6QJYjPFcLY5wBqWrh-NMrnZq/view?usp=drive_link

  • https://vuldb.com/?ctiid_302011=

  • https://vuldb.com/?id_302011=

  • https://vuldb.com/?submit_521723=

    • Enviar en el boletín
    Off

    CVE-2025-2959

    CVE-2025-2959

    Título es
    CVE-2025-2959

    Dom, 30/03/2025 – 21:15

    Tipo
    CWE-404

    Gravedad v2.0
    6.10

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2959

    Descripción en
    A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    30/03/2025
    30/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:A/AC:L/Au:N/C:N/I:N/A:C

    Gravedad 4.0
    7.10

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://docs.google.com/document/d/1PcJZQ364MQxz1eUt6PLnWIQYTLNuJ5_3/edit#heading=h.gjdgxs

  • https://drive.google.com/file/d/1idRNkvFHyh5vOxw2VIs2wcwdVOVLuqkG/view?usp=drive_link

  • https://vuldb.com/?ctiid_302012=

  • https://vuldb.com/?id_302012=

  • https://vuldb.com/?submit_521725=

    • Enviar en el boletín
    Off

    CVE-2025-2960

    CVE-2025-2960

    Título es
    CVE-2025-2960

    Dom, 30/03/2025 – 21:15

    Tipo
    CWE-404

    Gravedad v2.0
    6.10

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2960

    Descripción en
    A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    30/03/2025
    30/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:A/AC:L/Au:N/C:N/I:N/A:C

    Gravedad 4.0
    7.10

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs

  • https://drive.google.com/file/d/1SS7jsYBNl0faSOy_vH5tNn_xJJ_HA1xU/view?usp=drive_link

  • https://vuldb.com/?ctiid_302013=

  • https://vuldb.com/?id_302013=

  • https://vuldb.com/?submit_521727=

    • Enviar en el boletín
    Off

    CVE-2024-13804

    CVE-2024-13804

    Título es
    CVE-2024-13804

    Dom, 30/03/2025 – 22:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-13804

    Descripción en
    Vulnerability in Hewlett Packard Enterprise HPE Insight Cluster Management Utility (CMU).This issue affects HPE Insight Cluster Management Utility (CMU): 8.2.

    31/03/2025
    31/03/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://red.0xbad53c.com/vulnerability-research/rce-in-hpe-insight-cluster-management-utility-cve-2024-13804

    • Enviar en el boletín
    Off

    CVE-2025-2963

    CVE-2025-2963

    Título es
    CVE-2025-2963

    Dom, 30/03/2025 – 22:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2963

    Descripción en
    A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. This issue affects the function addEditQuestion of the component Legacy Form Block Handler. The manipulation of the argument Question leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc1.md

  • https://vuldb.com/?ctiid_302015=

  • https://vuldb.com/?id_302015=

  • https://vuldb.com/?submit_522413=

    • Enviar en el boletín
    Off

    CVE-2025-2961

    CVE-2025-2961

    Título es
    CVE-2025-2961

    Dom, 30/03/2025 – 22:15

    Tipo
    CWE-23

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2961

    Descripción en
    A vulnerability classified as problematic was found in opensolon up to 3.1.0. This vulnerability affects the function render_mav of the file /aa of the component org.noear.solon.core.handle.RenderManager. The manipulation of the argument template with the input ../org/example/HelloApp.class leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:N/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/Q16G/cve_detail/blob/main/solon/templateRCE.md

  • https://vuldb.com/?ctiid_302014=

  • https://vuldb.com/?id_302014=

  • https://vuldb.com/?submit_522380=

    • Enviar en el boletín
    Off