Security Vulnerabilities - CVEs Published In March 2025
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-11
Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-11
Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-11
Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-11
Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-11
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-11
Substance3D - Modeler versions 1.15.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-03-11
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-11
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-11
Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-03-11