CVE-2025-0225

CVE-2025-0225

Título es
CVE-2025-0225

Dom, 05/01/2025 – 17:15

Tipo
CWE-23

Gravedad v2.0
4.00

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-0225

Descripción en
A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

05/01/2025
05/01/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:N/A:N

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://github.com/BxYQ/ld/blob/main/file_read4/poc.py

  • https://github.com/BxYQ/ld/tree/main/file_read4

  • https://vuldb.com/?ctiid_290215=

  • https://vuldb.com/?id_290215=

  • https://vuldb.com/?submit_474264=

    • Enviar en el boletín
    Off

    CVE-2025-0224

    CVE-2025-0224

    Título es
    CVE-2025-0224

    Dom, 05/01/2025 – 17:15

    Tipo
    CWE-200

    Gravedad v2.0
    5.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0224

    Descripción en
    A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:N/A:N

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://netsecfish.notion.site/Sensitive-Device-Information-Disclosure-in-Provision-ISR-DVR-1626b683e67c803881befbc730a93bf6?pvs=4

  • https://vuldb.com/?ctiid_290203=

  • https://vuldb.com/?id_290203=

  • https://vuldb.com/?submit_467085=

    • Enviar en el boletín
    Off

    CVE-2025-0226

    CVE-2025-0226

    Título es
    CVE-2025-0226

    Dom, 05/01/2025 – 18:15

    Tipo
    CWE-200

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0226

    Descripción en
    A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /collect/PortV4/downLoad.html. The manipulation of the argument path leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:N/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/BxYQ/ld/blob/main/file_read2/poc.py

  • https://github.com/BxYQ/ld/tree/main/file_read2

  • https://vuldb.com/?ctiid_290216=

  • https://vuldb.com/?id_290216=

  • https://vuldb.com/?submit_474265=

    • Enviar en el boletín
    Off

    CVE-2025-0227

    CVE-2025-0227

    Título es
    CVE-2025-0227

    Dom, 05/01/2025 – 18:15

    Tipo
    CWE-200

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0227

    Descripción en
    A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This affects an unknown part of the file /Logs/Annals/downLoad.html. The manipulation of the argument path leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:N/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/BxYQ/ld/blob/main/file_read1/poc.py

  • https://github.com/BxYQ/ld/tree/main/file_read1

  • https://vuldb.com/?ctiid_290217=

  • https://vuldb.com/?id_290217=

  • https://vuldb.com/?submit_474266=

    • Enviar en el boletín
    Off

    CVE-2025-0228

    CVE-2025-0228

    Título es
    CVE-2025-0228

    Dom, 05/01/2025 – 19:15

    Tipo
    CWE-79

    Gravedad v2.0
    3.30

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-0228

    Descripción en
    A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://code-projects.org/

  • https://vuldb.com/?ctiid_290218=

  • https://vuldb.com/?id_290218=

  • https://vuldb.com/?submit_474049=

    • Enviar en el boletín
    Off

    CVE-2025-0229

    CVE-2025-0229

    Título es
    CVE-2025-0229

    Dom, 05/01/2025 – 20:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0229

    Descripción en
    A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation of the argument pid/t1/t2/t3/t4/t5/t6/t7 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://code-projects.org/

  • https://github.com/Huandtx/cve/blob/main/cve/sql1.md

  • https://vuldb.com/?ctiid_290225=

  • https://vuldb.com/?id_290225=

  • https://vuldb.com/?submit_474572=

    • Enviar en el boletín
    Off

    CVE-2025-0221

    CVE-2025-0221

    Título es
    CVE-2025-0221

    Dom, 05/01/2025 – 15:15

    Tipo
    CWE-404

    Gravedad v2.0
    4.60

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0221

    Descripción en
    A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:L/AC:L/Au:S/C:N/I:N/A:C

    Gravedad 4.0
    6.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://shareforall.notion.site/IOBit-Protected-Folder-pffilter-0x22200C-NPD-DOS-15260437bb1e80b2a477d42396d5d06c

  • https://vuldb.com/?ctiid_290200=

  • https://vuldb.com/?id_290200=

  • https://vuldb.com/?submit_466955=

    • Enviar en el boletín
    Off

    CVE-2024-13141

    CVE-2024-13141

    Título es
    CVE-2024-13141

    Dom, 05/01/2025 – 15:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-13141

    Descripción en
    A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/Hebing123/cve/issues/83

  • https://vuldb.com/?ctiid_290224=

  • https://vuldb.com/?id_290224=

  • https://vuldb.com/?submit_468645=

    • Enviar en el boletín
    Off

    CVE-2025-0223

    CVE-2025-0223

    Título es
    CVE-2025-0223

    Dom, 05/01/2025 – 16:15

    Tipo
    CWE-404

    Gravedad v2.0
    4.60

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0223

    Descripción en
    A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:L/AC:L/Au:S/C:N/I:N/A:C

    Gravedad 4.0
    6.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://shareforall.notion.site/IOBit-Uninstaller-IURegistryFilter-0x8001E000-NPD-DOS-15260437bb1e80e482e0e3c9b22b58d0

  • https://vuldb.com/?ctiid_290202=

  • https://vuldb.com/?id_290202=

  • https://vuldb.com/?submit_466963=

    • Enviar en el boletín
    Off

    CVE-2025-0222

    CVE-2025-0222

    Título es
    CVE-2025-0222

    Dom, 05/01/2025 – 16:15

    Tipo
    CWE-404

    Gravedad v2.0
    4.60

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-0222

    Descripción en
    A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    05/01/2025
    05/01/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:L/AC:L/Au:S/C:N/I:N/A:C

    Gravedad 4.0
    6.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://shareforall.notion.site/IOBit-Uninstaller-IUProcessFilter-0x8001E000-NPD-DOS-15260437bb1e809c81bbc484c53b17bc

  • https://vuldb.com/?ctiid_290201=

  • https://vuldb.com/?id_290201=

  • https://vuldb.com/?submit_466956=

    • Enviar en el boletín
    Off