Security Vulnerabilities - CVEs Published In February 2025
Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2025-02-03
ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2025-02-03
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 6.4
EPSS Score: 0.0
Published: 2025-02-03
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2025-02-03
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above to download bookings, which contain customers' personal data.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2025-02-03
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
CVSS Score: 6.1
EPSS Score: 0.0
Published: 2025-02-03
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2025-02-03
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
CVSS Score: 4.2
EPSS Score: 0.0
Published: 2025-02-03
lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2025-02-03
Memory corruption can occur in the camera when an invalid CID is used.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2025-02-03

