CVE-2025-24309

Tue, 04/03/2025 – 04:15

Type
CWE-787

Severity 2.0 (text)
Pending analysis

Description (en)
OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
3.80

Severity 3.1 (text)
LOW

References

  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

CVE-2025-24301

Tue, 04/03/2025 – 04:15

Type
CWE-416

Severity 2.0 (text)
Pending analysis

Description (en)
OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through a use after free. This vulnerability can be exploited only in restricted scenarios.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
3.80

Severity 3.1 (text)
LOW

References

  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

CVE-2025-23420

Tue, 04/03/2025 – 04:15

Type
CWE-787

Severity 2.0 (text)
Pending analysis

Description (en)
OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
3.80

Severity 3.1 (text)
LOW

References

  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

CVE-2025-23418

Tue, 04/03/2025 – 04:15

Type
CWE-125

Severity 2.0 (text)
Pending analysis

Description (en)
OpenHarmony v5.0.2 and prior versions allow a local attacker to cause a denial of service (DoS) through an out-of-bounds read.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Severity 3.1 (CVSS 3.1 Base Score)
3.30

Severity 3.1 (text)
LOW

References

  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

CVE-2025-23414

Tue, 04/03/2025 – 04:15

Type
CWE-416

Severity 2.0 (text)
Pending analysis

Description (en)
OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through a use after free. This vulnerability can be exploited only in restricted scenarios.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
3.80

Severity 3.1 (text)
LOW

References

  • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md

CVE-2025-1306

Tue, 04/03/2025 – 05:15

Type
CWE-352

Severity 2.0 (text)
Pending analysis

Description (en)
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH

References

  • https://themes.trac.wordpress.org/browser/newscrunch/1.8.3/functions.php#L486
  • https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=261789%40newscrunch&new=261789%40newscrunch
  • https://www.wordfence.com/threat-intel/vulnerabilities/id/1c507681-61e9-4bf0-8fe5-e2f401a7a8be?source=cve

CVE-2025-1906

Tue, 04/03/2025 – 05:15

Type
CWE-74

Severity v2.0
5.80

Severity 2.0 (text)
MEDIUM

Description (en)
A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. Manipulation of the argument mobilenumber leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:M/C:P/I:P/A:P

Severity 4.0
5.10

Severity 4.0 (text)
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
4.70

Severity 3.1 (text)
MEDIUM

References

  • https://github.com/HaroldFinch-L/CVE/issues/2
  • https://phpgurukul.com/
  • https://vuldb.com/?ctiid_298426=
  • https://vuldb.com/?id_298426=
  • https://vuldb.com/?submit_508915=

CVE-2025-1905

Tue, 04/03/2025 – 05:15

Type
CWE-79

Severity v2.0
4.00

Severity 2.0 (text)
MEDIUM

Description (en)
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. Manipulation of the argument Full Name leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity 4.0
5.10

Severity 4.0 (text)
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
3.50

Severity 3.1 (text)
LOW

References

  • https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md
  • https://vuldb.com/?ctiid_298425=
  • https://vuldb.com/?id_298425=
  • https://vuldb.com/?submit_508301=
  • https://www.sourcecodester.com/

CVE-2025-1904

Tue, 04/03/2025 – 05:15

Type
CWE-79

Severity v2.0
4.00

Severity 2.0 (text)
MEDIUM

Description (en)
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /Blood/A+.php. Manipulation of the argument Availibility leads to cross-site scripting. The attack may be launched remotely.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity 4.0
5.10

Severity 4.0 (text)
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
3.50

Severity 3.1 (text)
LOW

References

  • https://code-projects.org/
  • https://github.com/lokihardk/cve/blob/main/xss-2_25.md
  • https://vuldb.com/?ctiid_298424=
  • https://vuldb.com/?id_298424=
  • https://vuldb.com/?submit_506868=

CVE-2025-1307

Tue, 04/03/2025 – 05:15

Type
CWE-862

Severity 2.0 (text)
Pending analysis

Description (en)
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.80

Severity 3.1 (text)
CRITICAL

References

  • https://themes.trac.wordpress.org/browser/newscrunch/1.8.3/functions.php#L486
  • https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=261789%40newscrunch&new=261789%40newscrunch
  • https://www.wordfence.com/threat-intel/vulnerabilities/id/b55567e9-24e6-4738-b7f7-b95b541e6067?source=cve