Security Vulnerabilities - CVEs Published In March 2025
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-03-06
Improper Input Validation vulnerability in Apache Traffic Server.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.
Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
CVSS Score
6.3
EPSS Score
0.007
Published
2025-03-06
Expected Behavior Violation vulnerability in Apache Traffic Server.
This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.
Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.
CVSS Score
4.3
EPSS Score
0.003
Published
2025-03-06
A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.4
EPSS Score
0.001
Published
2025-03-06
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."
CVSS Score
3.1
EPSS Score
0.0
Published
2025-03-06
The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-03-06
Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-06
Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-03-06
Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-06
Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-06