marzo 2025 - Página 5 de 185

31 Mar 2025

CVE-2025-2997

Título es

CVE-2025-2997

Lun, 31/03/2025 – 14:15

Tipo

CWE-918

Gravedad v2.0

6.50

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2025-2997

Descripción en

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

31/03/2025

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0

AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0

5.30

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/exp3n5ive/Vul/blob/main/youkefu/youkefu.pdf

https://vuldb.com/?ctiid_302046=

https://vuldb.com/?id_302046=

https://vuldb.com/?submit_524009=

Enviar en el boletín

Off

31 Mar 2025

CVE-2023-33302

Título es

CVE-2023-33302

Lun, 31/03/2025 – 15:15

Tipo

CWE-120

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2023-33302

Descripción en

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

31/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

4.70

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://fortiguard.fortinet.com/psirt/FG-IR-21-023

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-22939

Título es

CVE-2025-22939

Lun, 31/03/2025 – 15:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22939

Descripción en

A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands.

31/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-22938

Título es

CVE-2025-22938

Lun, 31/03/2025 – 15:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22938

Descripción en

Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords.

31/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-22937

Título es

CVE-2025-22937

Lun, 31/03/2025 – 15:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22937

Descripción en

An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors.

31/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-31617

Título es

CVE-2025-31617

Lun, 31/03/2025 – 13:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-31617

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.

31/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/postmarkapp-email-integrator/vulnerability/wordpress-postmarkapp-email-integrator-plugin-2-4-csrf-to-stored-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-31616

Título es

CVE-2025-31616

Lun, 31/03/2025 – 13:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-31616

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7.

31/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/varnish-wp/vulnerability/wordpress-varnish-wordpress-plugin-1-7-csrf-to-stored-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-31625

Título es

CVE-2025-31625

Lun, 31/03/2025 – 13:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-31625

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS. This issue affects Useinfluence: from n/a through 1.0.8.

31/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/useinfluence/vulnerability/wordpress-useinfluence-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-31624

Título es

CVE-2025-31624

Lun, 31/03/2025 – 13:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-31624

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LABCAT Processing Projects allows DOM-Based XSS. This issue affects Processing Projects: from n/a through 1.0.2.

31/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/processing-projects/vulnerability/wordpress-processing-projects-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

31 Mar 2025

CVE-2025-31623

Título es

CVE-2025-31623

Lun, 31/03/2025 – 13:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-31623

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1.

31/03/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/richtexteditor/vulnerability/wordpress-rich-text-editor-plugin-1-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

Archivos mensuales: marzo 2025