Security Vulnerabilities - CVEs Published In March 2025
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-10
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-03-10
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-03-10
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-10
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Score
5.0
EPSS Score
0.001
Published
2025-03-10
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
CVSS Score
4.3
EPSS Score
0.002
Published
2025-03-10
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.
It's a regression between 18.12.17 and 18.12.18.
In case you use something like that, which is not recommended!
For security, only official releases should be used.
In other words, if you use 18.12.17 you are still safe.
The version 18.12.17 is not a affected.
But something between 18.12.17 and 18.12.18 is.
In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue.
CVSS Score
3.5
EPSS Score
0.003
Published
2025-03-10
An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-10
A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code.
Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-03-10
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.
CVSS Score
2.7
EPSS Score
0.003
Published
2025-03-10