Security Vulnerabilities - CVEs Published In February 2025
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-02-21
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /message.php. The attack can use SQL injection to obtain sensitive data.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-02-21
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-02-21
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-02-21
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-02-21
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.
CVSS Score
9.8
EPSS Score
0.009
Published
2025-02-21
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.
CVSS Score
8.6
EPSS Score
0.003
Published
2025-02-21
A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-02-21
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-02-21
An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-02-21