Security Vulnerabilities - CVEs Published In March 2025
Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter
CVSS Score
6.1
EPSS Score
0.001
Published
2025-03-13
Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute a arbitrary code via a crafted script to the webchat component.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-03-13
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-03-13
Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-13
Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0
and earlier allows an authenticated user to bypass the browser extension restriction feature.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-03-13
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-13
Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-13
Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-13
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443)
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-13
The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.
CVSS Score
5.4
EPSS Score
0.008
Published
2025-03-13