CVE-2025-1902

Title (es)
CVE-2025-1902

Tue, 04/03/2025 – 04:15

Type
CWE-74

Severity v2.0
7.50

Severity 2.0 text
HIGH

Title (en)
CVE-2025-1902

Description (en)
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. The manipulation of the argument emailid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity 4.0
6.90

Severity 4.0 text
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 text (CVSS 3.1 Base Score)
HIGH

References


  • https://github.com/panghuanjie/Code-audits/issues/3

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_298420=

  • https://vuldb.com/?id_298420=

  • https://vuldb.com/?submit_506623=

CVE-2025-1901

Title (es)
CVE-2025-1901

Tue, 04/03/2025 – 04:15

Type
CWE-74

Severity v2.0
7.50

Severity 2.0 text
HIGH

Title (en)
CVE-2025-1901

Description (en)
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity 4.0
6.90

Severity 4.0 text
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 text (CVSS 3.1 Base Score)
HIGH

References


  • https://github.com/chenzi-dynasty/CVE/issues/1

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_298419=

  • https://vuldb.com/?id_298419=

  • https://vuldb.com/?submit_506612=

CVE-2025-27221

Title (es)
CVE-2025-27221

Tue, 04/03/2025 – 00:15

Type
CWE-212

Severity 2.0 text
Pending analysis

Title (en)
CVE-2025-27221

Description (en)
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Severity 3.1 (CVSS 3.1 Base Score)
3.20

Severity 3.1 text (CVSS 3.1 Base Score)
LOW

References


  • https://github.com/rubysec/ruby-advisory-db/blob/master/gems/uri/CVE-2025-27221.yml

  • https://hackerone.com/reports/2957667

CVE-2025-27220

Title (es)
CVE-2025-27220

Tue, 04/03/2025 – 00:15

Type
CWE-1333

Severity 2.0 text
Pending analysis

Title (en)
CVE-2025-27220

Description (en)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

04/03/2025

04/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

Severity 3.1 (CVSS 3.1 Base Score)
4.00

Severity 3.1 text (CVSS 3.1 Base Score)
MEDIUM

References


  • https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml

  • https://hackerone.com/reports/2890322

CVE-2025-1695

Title (es)
CVE-2025-1695

Tue, 04/03/2025 – 01:15

Type
CWE-835

Severity 2.0 text
Pending analysis

Title (en)
CVE-2025-1695

Description (en)
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS). There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity 4.0
6.90

Severity 4.0 text
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
5.30

Severity 3.1 text (CVSS 3.1 Base Score)
MEDIUM

References


  • https://my.f5.com/manage/s/article/K000149959

CVE-2025-1893

Title (es)
CVE-2025-1893

Tue, 04/03/2025 – 01:15

Type
CWE-404

Severity v2.0
4.00

Severity 2.0 text
MEDIUM

Title (en)
CVE-2025-1893

Description (en)
A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the function gmm_state_authentication of the file src/amf/gmm-sm.c of the component UDM Subscriber Data Management. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named e31e9965f00d9c744a7f728497cb4f3e97744ee8. It is recommended to apply a patch to fix this issue.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity 4.0
5.30

Severity 4.0 text
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
4.30

Severity 3.1 text (CVSS 3.1 Base Score)
MEDIUM

References


  • https://github.com/open5gs/open5gs/commit/e31e9965f00d9c744a7f728497cb4f3e97744ee8

  • https://github.com/open5gs/open5gs/issues/3707

  • https://github.com/open5gs/open5gs/issues/3707#issue-2833194192

  • https://github.com/open5gs/open5gs/issues/3707#issuecomment-2639620554

  • https://vuldb.com/?ctiid_298411=

  • https://vuldb.com/?id_298411=

  • https://vuldb.com/?submit_505952=

CVE-2025-1892

Title (es)
CVE-2025-1892

Tue, 04/03/2025 – 01:15

Type
CWE-79

Severity v2.0
3.30

Severity 2.0 text
LOW

Title (en)
CVE-2025-1892

Description (en)
A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component Directory Deletion Page. The manipulation of the argument folderName leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:M/C:N/I:P/A:N

Severity 4.0
4.80

Severity 4.0 text
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
2.40

Severity 3.1 text (CVSS 3.1 Base Score)
LOW

References


  • https://github.com/caigo8/CVE-md/blob/main/shishuocms/%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md

  • https://vuldb.com/?ctiid_298410=

  • https://vuldb.com/?id_298410=

  • https://vuldb.com/?submit_505754=

CVE-2025-1894

Title (es)
CVE-2025-1894

Tue, 04/03/2025 – 02:15

Type
CWE-74

Severity v2.0
7.50

Severity 2.0 text
HIGH

Title (en)
CVE-2025-1894

Description (en)
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-result.php. The manipulation of the argument searchdata leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity 4.0
6.90

Severity 4.0 text
MEDIUM

Severity 3.1 (CVSS 3.1 Base Score)
7.30

Severity 3.1 text (CVSS 3.1 Base Score)
HIGH

References


  • https://github.com/Maochuyue/cve/issues/1

  • https://phpgurukul.com/

  • https://vuldb.com/?ctiid_298412=

  • https://vuldb.com/?id_298412=

  • https://vuldb.com/?submit_506592=

CVE-2025-1898

Title (es)
CVE-2025-1898

Tue, 04/03/2025 – 02:15

Type
CWE-119

Severity v2.0
6.80

Severity 2.0 text
MEDIUM

Title (en)
CVE-2025-1898

Description (en)
A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity 4.0
7.10

Severity 4.0 text
HIGH

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 text (CVSS 3.1 Base Score)
MEDIUM

References


  • https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_4.pdf

  • https://vuldb.com/?ctiid_298416=

  • https://vuldb.com/?id_298416=

  • https://vuldb.com/?submit_506606=

  • https://www.tenda.com.cn/

CVE-2025-1897

Title (es)
CVE-2025-1897

Tue, 04/03/2025 – 02:15

Type
CWE-119

Severity v2.0
6.80

Severity 2.0 text
MEDIUM

Title (en)
CVE-2025-1897

Description (en)
A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

04/03/2025

04/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity 4.0
7.10

Severity 4.0 text
HIGH

Severity 3.1 (CVSS 3.1 Base Score)
6.50

Severity 3.1 text (CVSS 3.1 Base Score)
MEDIUM

References


  • https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_3.pdf

  • https://vuldb.com/?ctiid_298415=

  • https://vuldb.com/?id_298415=

  • https://vuldb.com/?submit_506604=

  • https://www.tenda.com.cn/