Security Vulnerabilities - CVEs Published In March 2025
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-03-30
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Score
2.7
EPSS Score
0.001
Published
2025-03-29
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.001
Published
2025-03-29
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
CVSS Score
3.1
EPSS Score
0.001
Published
2025-03-29
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-03-29
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-03-29
IBM InfoSphere Information Server 11.7
could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-29
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-28
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-28
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-28