Security Vulnerabilities - CVEs Published In February 2025
An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-02-07
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.5
EPSS Score
0.005
Published
2025-02-07
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE
CVSS Score
8.7
EPSS Score
0.003
Published
2025-02-07
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks.
Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests,
a valid HTTP request can also be sent to Kvrocks as a valid RESP request
and trigger some database operations, which can be dangerous when
it is chained with SSRF.
It is similiar to CVE-2016-10517 in Redis.
This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0.
Users are recommended to upgrade to version 2.11.1, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.005
Published
2025-02-07
Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-07
Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-02-07
Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-07
Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-07
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.
CVSS Score
7.5
EPSS Score
0.129
Published
2025-02-07
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-07