CVE-2025-26916

Mon, 10/03/2025 – 15:15

Type
CWE-98

Severity 2.0 text
Pending analysis

Description (en)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.

10/03/2025

10/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
9.00

Severity 3.1 text (CVSS 3.1 Base Score)
CRITICAL

References


  • https://patchstack.com/database/wordpress/theme/massive-dynamic/vulnerability/wordpress-massive-dynamic-theme-8-2-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve

    CVE-2025-26910

    Mon, 10/03/2025 – 15:15

    Type
    CWE-352

    Severity 2.0 text
    Pending analysis

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.

    10/03/2025

    10/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    7.10

    Severity 3.1 text (CVSS 3.1 Base Score)
    HIGH

    References


  • https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

    CVE-2025-25614

    Mon, 10/03/2025 – 15:15

    Severity 2.0 text
    Pending analysis

    Description (en)
    Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.

    10/03/2025

    10/03/2025

    Severity 3.1 text (CVSS 3.1 Base Score)
    Pending analysis

    References


  • https://github.com/armaansidana2003/CVE-2025-25614

  • https://github.com/changeweb/Unifiedtransform

    CVE-2025-26936

    Mon, 10/03/2025 – 15:15

    Type
    CWE-94

    Severity 2.0 text
    Pending analysis

    Description (en)
    Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0.

    10/03/2025

    10/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    10.00

    Severity 3.1 text (CVSS 3.1 Base Score)
    CRITICAL

    References


  • https://patchstack.com/database/wordpress/plugin/fresh-framework/vulnerability/wordpress-fresh-framework-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve

    CVE-2024-52905

    Mon, 10/03/2025 – 16:15

    Type
    CWE-497

    Severity 2.0 text
    Pending analysis

    Description (en)
    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.

    10/03/2025

    10/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    2.70

    Severity 3.1 text (CVSS 3.1 Base Score)
    LOW

    References


  • https://www.ibm.com/support/pages/node/7185264

    CVE-2024-47109

    Mon, 10/03/2025 – 16:15

    Type
    CWE-522

    Severity 2.0 text
    Pending analysis

    Description (en)
    IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server which could aid in further attacks against the system.

    10/03/2025

    10/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    5.30

    Severity 3.1 text (CVSS 3.1 Base Score)
    MEDIUM

    References


  • https://www.ibm.com/support/pages/node/7185259

    CVE-2025-25977

    Mon, 10/03/2025 – 16:15

    Severity 2.0 text
    Pending analysis

    Description (en)
    An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.

    10/03/2025

    10/03/2025

    Severity 3.1 text (CVSS 3.1 Base Score)
    Pending analysis

    References


  • https://github.com/canvg/canvg/issues/1749

    CVE-2025-25940

    Mon, 10/03/2025 – 16:15

    Severity 2.0 text
    Pending analysis

    Description (en)
    VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.

    10/03/2025

    10/03/2025

    Severity 3.1 text (CVSS 3.1 Base Score)
    Pending analysis

    References


  • https://github.com/t-oster/VisiCut

  • https://royblume.github.io/CVE-2025-25940/

    CVE-2025-25382

    Mon, 10/03/2025 – 16:15

    Severity 2.0 text
    Pending analysis

    Description (en)
    An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.

    10/03/2025

    10/03/2025

    Severity 3.1 text (CVSS 3.1 Base Score)
    Pending analysis

    References


  • https://github.com/edwin-0990/CVE_ID/blob/main/CVE-2025-25382/README.md

  • https://tax.lsgkerala.gov.in/epayment/QuickPaySearch.php

    CVE-2025-2148

    Mon, 10/03/2025 – 12:15

    Type
    CWE-119

    Severity v2.0
    5.10

    Severity 2.0 text
    MEDIUM

    Description (en)
    A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

    10/03/2025

    10/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:H/Au:N/C:P/I:P/A:P

    Severity 4.0
    2.30

    Severity 4.0 text
    LOW

    Severity 3.1 (CVSS 3.1 Base Score)
    5.00

    Severity 3.1 text (CVSS 3.1 Base Score)
    MEDIUM

    References


  • https://github.com/pytorch/pytorch/issues/147722

  • https://vuldb.com/?ctiid_299059=

  • https://vuldb.com/?id_299059=

  • https://vuldb.com/?submit_505959=
