Security Vulnerabilities - CVEs Published In February 2025
Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-02-07
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-07
Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-02-07
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-02-07
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-07
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-02-07
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-02-07
An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-02-07
A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.1
EPSS Score
0.096
Published
2025-02-07
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE
CVSS Score
8.7
EPSS Score
0.004
Published
2025-02-07