CVE-2025-1845

CVE-2025-1845

Título es
CVE-2025-1845

Lun, 03/03/2025 – 02:15

Tipo
CWE-74

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-1845

Descripción en
A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

03/03/2025

03/03/2025

Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias


  • https://github.com/666lail/report/blob/main/tmp/2.md

  • https://vuldb.com/?ctiid_298111=

  • https://vuldb.com/?id_298111=

  • https://vuldb.com/?submit_505009=

    • Enviar en el boletín
    Off

    CVE-2025-1844

    CVE-2025-1844

    Título es
    CVE-2025-1844

    Lun, 03/03/2025 – 02:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1844

    Descripción en
    A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    03/03/2025

    03/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/666lail/report/blob/main/tmp/1.md

  • https://vuldb.com/?ctiid_298110=

  • https://vuldb.com/?id_298110=

  • https://vuldb.com/?submit_505008=

    • Enviar en el boletín
    Off

    CVE-2025-1830

    CVE-2025-1830

    Título es
    CVE-2025-1830

    Dom, 02/03/2025 – 20:15

    Tipo
    CWE-79

    Gravedad v2.0
    3.30

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-1830

    Descripción en
    A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    02/03/2025

    02/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:N/I:P/A:N

    Gravedad 4.0
    4.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias


  • https://github.com/caigo8/CVE-md/blob/main/zz/zz_xss1.md

  • https://vuldb.com/?ctiid_298097=

  • https://vuldb.com/?id_298097=

  • https://vuldb.com/?submit_504790=

    • Enviar en el boletín
    Off

    CVE-2025-1831

    CVE-2025-1831

    Título es
    CVE-2025-1831

    Dom, 02/03/2025 – 20:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1831

    Descripción en
    A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    02/03/2025

    02/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/caigo8/CVE-md/blob/main/zz/ZZ_2024_8%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A52.md

  • https://vuldb.com/?ctiid_298098=

  • https://vuldb.com/?id_298098=

  • https://vuldb.com/?submit_504806=

    • Enviar en el boletín
    Off

    CVE-2025-1832

    CVE-2025-1832

    Título es
    CVE-2025-1832

    Dom, 02/03/2025 – 21:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1832

    Descripción en
    A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    02/03/2025

    02/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8_4%E5%90%8E%E5%8F%B0SQL%E6%B3%A8%E5%85%A5.md

  • https://vuldb.com/?ctiid_298099=

  • https://vuldb.com/?id_298099=

  • https://vuldb.com/?submit_504814=

    • Enviar en el boletín
    Off

    CVE-2025-1834

    CVE-2025-1834

    Título es
    CVE-2025-1834

    Dom, 02/03/2025 – 22:15

    Tipo
    CWE-284

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1834

    Descripción en
    A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    02/03/2025

    02/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/caigo8/CVE-md/blob/main/zz/zz_resolve%E6%8E%A5%E5%8F%A3%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md

  • https://vuldb.com/?ctiid_298101=

  • https://vuldb.com/?id_298101=

  • https://vuldb.com/?submit_504842=

    • Enviar en el boletín
    Off

    CVE-2025-1833

    CVE-2025-1833

    Título es
    CVE-2025-1833

    Dom, 02/03/2025 – 22:15

    Tipo
    CWE-918

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1833

    Descripción en
    A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    02/03/2025

    02/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8%E5%90%8E%E5%8F%B0SSRF.md

  • https://vuldb.com/?ctiid_298100=

  • https://vuldb.com/?id_298100=

  • https://vuldb.com/?submit_504833=

    • Enviar en el boletín
    Off

    CVE-2025-1836

    CVE-2025-1836

    Título es
    CVE-2025-1836

    Dom, 02/03/2025 – 23:15

    Tipo
    CWE-74

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1836

    Descripción en
    A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

    03/03/2025

    03/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://vuldb.com/?ctiid_298104=

  • https://vuldb.com/?id_298104=

  • https://vuldb.com/?submit_503070=

    • Enviar en el boletín
    Off

    CVE-2025-1835

    CVE-2025-1835

    Título es
    CVE-2025-1835

    Dom, 02/03/2025 – 23:15

    Tipo
    CWE-284

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1835

    Descripción en
    A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    03/03/2025

    03/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/sheratan4/cve/issues/1

  • https://vuldb.com/?ctiid_298102=

  • https://vuldb.com/?id_298102=

  • https://vuldb.com/?submit_505007=

    • Enviar en el boletín
    Off

    CVE-2024-36353

    CVE-2024-36353

    Título es
    CVE-2024-36353

    Dom, 02/03/2025 – 18:15

    Tipo
    CWE-459

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-36353

    Descripción en
    Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values, potentially leading to loss of confidentiality.

    02/03/2025

    02/03/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6019.html

    • Enviar en el boletín
    Off