CVE-2025-2341

CVE-2025-2341

Título es
CVE-2025-2341

Dom, 16/03/2025 – 15:15

Tipo
CWE-1392

Gravedad v2.0
1.80

Gravedad 2.0 Txt
LOW

Título en

CVE-2025-2341

Descripción en
A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

16/03/2025

16/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Vector CVSS:2.0
AV:A/AC:H/Au:N/C:P/I:N/A:N

Gravedad 4.0
2.30

Gravedad 4.0 txt
LOW

Gravedad 3.1 (CVSS 3.1 Base Score)
3.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
LOW

Referencias


  • https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-1-default-credentials-for-ssid-cwe-1393

  • https://vuldb.com/?ctiid_299807=

  • https://vuldb.com/?id_299807=

  • https://vuldb.com/?submit_512418=

    • Enviar en el boletín
    Off

    CVE-2025-2342

    CVE-2025-2342

    Título es
    CVE-2025-2342

    Dom, 16/03/2025 – 16:15

    Tipo
    CWE-259

    Gravedad v2.0
    5.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2342

    Descripción en
    A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    16/03/2025

    16/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:N/A:N

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-2-hardcoded-credentials-in-apk-iroad–v525-to-ports-9091-and-9092

  • https://vuldb.com/?ctiid_299808=

  • https://vuldb.com/?id_299808=

  • https://vuldb.com/?submit_512419=

    • Enviar en el boletín
    Off

    CVE-2025-2338

    CVE-2025-2338

    Título es
    CVE-2025-2338

    Dom, 16/03/2025 – 13:15

    Tipo
    CWE-119

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2025-2338

    Descripción en
    A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

    16/03/2025

    16/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/tbeu/matio/issues/269

  • https://github.com/tbeu/matio/issues/269#issue-2883920922

  • https://vuldb.com/?ctiid_299802=

  • https://vuldb.com/?id_299802=

  • https://vuldb.com/?submit_510781=

    • Enviar en el boletín
    Off

    CVE-2025-2339

    CVE-2025-2339

    Título es
    CVE-2025-2339

    Dom, 16/03/2025 – 13:15

    Tipo
    CWE-287

    Gravedad v2.0
    5.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2339

    Descripción en
    A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

    16/03/2025

    16/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:N/A:N

    Gravedad 4.0
    6.90

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/qkdjksfkeg/cve_article/blob/main/Tale/Unauthorized.md

  • https://vuldb.com/?ctiid_299805=

  • https://vuldb.com/?id_299805=

  • https://vuldb.com/?submit_511578=

    • Enviar en el boletín
    Off

    CVE-2025-2340

    CVE-2025-2340

    Título es
    CVE-2025-2340

    Dom, 16/03/2025 – 14:15

    Tipo
    CWE-79

    Gravedad v2.0
    3.30

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-2340

    Descripción en
    A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

    16/03/2025

    16/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:N/I:P/A:N

    Gravedad 4.0
    4.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias


  • https://github.com/qkdjksfkeg/cve_article/blob/main/Tale/XSS.md

  • https://vuldb.com/?ctiid_299806=

  • https://vuldb.com/?id_299806=

  • https://vuldb.com/?submit_514793=

    • Enviar en el boletín
    Off

    CVE-2025-2337

    CVE-2025-2337

    Título es
    CVE-2025-2337

    Dom, 16/03/2025 – 10:15

    Tipo
    CWE-119

    Gravedad v2.0
    7.50

    Gravedad 2.0 Txt
    HIGH

    Título en

    CVE-2025-2337

    Descripción en
    A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

    16/03/2025

    16/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:N/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/tbeu/matio/issues/267

  • https://github.com/tbeu/matio/issues/267#issue-2883856488

  • https://vuldb.com/?ctiid_299801=

  • https://vuldb.com/?id_299801=

  • https://vuldb.com/?submit_510779=

    • Enviar en el boletín
    Off

    CVE-2024-13126

    CVE-2024-13126

    Título es
    CVE-2024-13126

    Dom, 16/03/2025 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-13126

    Descripción en
    The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.

    16/03/2025

    16/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://wpscan.com/vulnerability/c2c69a44-4ecc-41d1-a10c-cfe9c875b803/

    • Enviar en el boletín
    Off

    CVE-2025-1622

    CVE-2025-1622

    Título es
    CVE-2025-1622

    Dom, 16/03/2025 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1622

    Descripción en
    The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

    16/03/2025

    16/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://wpscan.com/vulnerability/7a903d61-2792-4fe0-a26b-f400f4a3124b/

    • Enviar en el boletín
    Off

    CVE-2025-1621

    CVE-2025-1621

    Título es
    CVE-2025-1621

    Dom, 16/03/2025 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1621

    Descripción en
    The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

    16/03/2025

    16/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://wpscan.com/vulnerability/c30b9631-2024-4081-9cc5-8294a77c5ebb/

    • Enviar en el boletín
    Off

    CVE-2025-1620

    CVE-2025-1620

    Título es
    CVE-2025-1620

    Dom, 16/03/2025 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1620

    Descripción en
    The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

    16/03/2025

    16/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://wpscan.com/vulnerability/923db805-92e7-4489-8e57-374a19f817d7/

    • Enviar en el boletín
    Off