Security Vulnerabilities - CVEs Published In February 2025
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
4.3
EPSS Score
0.001
Published
2025-02-06
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.003
Published
2025-02-06
Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.7
EPSS Score
0.004
Published
2025-02-06
Microsoft Edge for IOS and Android Spoofing Vulnerability
CVSS Score
5.3
EPSS Score
0.003
Published
2025-02-06
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
4.4
EPSS Score
0.001
Published
2025-02-06
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-02-06
IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-02-06
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-02-06
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-06
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-02-06