Security Vulnerabilities - CVEs Published In February 2025
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.
CVSS Score
4.7
EPSS Score
0.001
Published
2025-02-28
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-02-28
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-27
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-02-27
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.
CVSS Score
9.1
EPSS Score
0.002
Published
2025-02-27
Infoblox NIOS through 8.6.4 executes with more privileges than required.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-02-27
ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-27
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-02-27
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-02-27
In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-02-27