CVE-2025-2973

CVE-2025-2973

Título es
CVE-2025-2973

Lun, 31/03/2025 – 03:15

Tipo
CWE-284

Gravedad v2.0
6.50

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2025-2973

Descripción en
A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

31/03/2025
31/03/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0
5.30

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://code-projects.org/

  • https://github.com/hak0neP/cve/blob/main/cve-RCE.md

  • https://vuldb.com/?ctiid_302025=

  • https://vuldb.com/?id_302025=

  • https://vuldb.com/?submit_522478=

    • Enviar en el boletín
    Off

    CVE-2025-2972

    CVE-2025-2972

    Título es
    CVE-2025-2972

    Lun, 31/03/2025 – 03:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2972

    Descripción en
    A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc10.md

  • https://vuldb.com/?ctiid_302024=

  • https://vuldb.com/?id_302024=

  • https://vuldb.com/?submit_522423=

    • Enviar en el boletín
    Off

    CVE-2025-2964

    CVE-2025-2964

    Título es
    CVE-2025-2964

    Dom, 30/03/2025 – 23:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2964

    Descripción en
    A vulnerability, which was classified as problematic, was found in ConcreteCMS up to 9.3.9. Affected is the function Save of the component FAQ Block Handler. The manipulation of the argument Navigation/Title Text/Description Source leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc2.md

  • https://vuldb.com/?ctiid_302016=

  • https://vuldb.com/?id_302016=

  • https://vuldb.com/?submit_522414=

    • Enviar en el boletín
    Off

    CVE-2025-2965

    CVE-2025-2965

    Título es
    CVE-2025-2965

    Dom, 30/03/2025 – 23:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2965

    Descripción en
    A vulnerability has been found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this vulnerability is the function Save of the component Accordion Block Handler. The manipulation of the argument Title/Body Source leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc3.md

  • https://vuldb.com/?ctiid_302017=

  • https://vuldb.com/?id_302017=

  • https://vuldb.com/?submit_522415=

    • Enviar en el boletín
    Off

    CVE-2025-2966

    CVE-2025-2966

    Título es
    CVE-2025-2966

    Lun, 31/03/2025 – 00:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2966

    Descripción en
    A vulnerability was found in ConcreteCMS up to 9.3.9 and classified as problematic. Affected by this issue is the function Save of the component Content Block Handler. The manipulation of the argument Source leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc4.md

  • https://vuldb.com/?ctiid_302018=

  • https://vuldb.com/?id_302018=

  • https://vuldb.com/?submit_522416=

    • Enviar en el boletín
    Off

    CVE-2025-2968

    CVE-2025-2968

    Título es
    CVE-2025-2968

    Lun, 31/03/2025 – 01:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2968

    Descripción en
    A vulnerability was found in ConcreteCMS up to 9.3.9. It has been declared as problematic. This vulnerability affects the function Save of the component Feature Block Handler. The manipulation of the argument Paragraph Source leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc6.md

  • https://vuldb.com/?ctiid_302020=

  • https://vuldb.com/?id_302020=

  • https://vuldb.com/?submit_522418=

    • Enviar en el boletín
    Off

    CVE-2025-2967

    CVE-2025-2967

    Título es
    CVE-2025-2967

    Lun, 31/03/2025 – 01:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2967

    Descripción en
    A vulnerability was found in ConcreteCMS up to 9.3.9. It has been classified as problematic. This affects the function Save of the component HTML Block Handler. The manipulation of the argument content leads to HTML injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc5.md

  • https://vuldb.com/?ctiid_302019=

  • https://vuldb.com/?id_302019=

  • https://vuldb.com/?submit_522417=

    • Enviar en el boletín
    Off

    CVE-2025-2958

    CVE-2025-2958

    Título es
    CVE-2025-2958

    Dom, 30/03/2025 – 20:15

    Tipo
    CWE-404

    Gravedad v2.0
    6.10

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2958

    Descripción en
    A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    30/03/2025
    30/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:A/AC:L/Au:N/C:N/I:N/A:C

    Gravedad 4.0
    7.10

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://docs.google.com/document/d/1DHUsUpeizmqFbJe_0SjsJvCFspPeFDaK/edit#heading=h.gjdgxs

  • https://drive.google.com/file/d/1SbZ63uqg6QJYjPFcLY5wBqWrh-NMrnZq/view?usp=drive_link

  • https://vuldb.com/?ctiid_302011=

  • https://vuldb.com/?id_302011=

  • https://vuldb.com/?submit_521723=

    • Enviar en el boletín
    Off

    CVE-2025-2959

    CVE-2025-2959

    Título es
    CVE-2025-2959

    Dom, 30/03/2025 – 21:15

    Tipo
    CWE-404

    Gravedad v2.0
    6.10

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2959

    Descripción en
    A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    30/03/2025
    30/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:A/AC:L/Au:N/C:N/I:N/A:C

    Gravedad 4.0
    7.10

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://docs.google.com/document/d/1PcJZQ364MQxz1eUt6PLnWIQYTLNuJ5_3/edit#heading=h.gjdgxs

  • https://drive.google.com/file/d/1idRNkvFHyh5vOxw2VIs2wcwdVOVLuqkG/view?usp=drive_link

  • https://vuldb.com/?ctiid_302012=

  • https://vuldb.com/?id_302012=

  • https://vuldb.com/?submit_521725=

    • Enviar en el boletín
    Off

    CVE-2025-2960

    CVE-2025-2960

    Título es
    CVE-2025-2960

    Dom, 30/03/2025 – 21:15

    Tipo
    CWE-404

    Gravedad v2.0
    6.10

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-2960

    Descripción en
    A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    30/03/2025
    30/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Vector CVSS:2.0
    AV:A/AC:L/Au:N/C:N/I:N/A:C

    Gravedad 4.0
    7.10

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs

  • https://drive.google.com/file/d/1SS7jsYBNl0faSOy_vH5tNn_xJJ_HA1xU/view?usp=drive_link

  • https://vuldb.com/?ctiid_302013=

  • https://vuldb.com/?id_302013=

  • https://vuldb.com/?submit_521727=

    • Enviar en el boletín
    Off