Security Vulnerabilities - CVEs Published In March 2025
t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2025-03-04
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection. This vulnerability is fixed in 2.2.12, 3.0.13, and 3.1.11.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2025-03-04
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2025-03-04
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
CVSS Score: 10.0 | EPSS Score: 0.003 | Published: 2025-03-04
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.
CVSS Score: 10.0 | EPSS Score: 0.008 | Published: 2025-03-04
Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.
CVSS Score: 7.1 | EPSS Score: 0.0 | Published: 2025-03-04
Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2025-03-04
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.
CVSS Score: 9.1 | EPSS Score: 0.002 | Published: 2025-03-04
When String.toUpperCase() caused a string to get longer, it was possible for uninitialized memory to be incorporated into the result string. This vulnerability affects Firefox < 136 and Thunderbird < 136.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2025-03-04
Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136.
CVSS Score: 8.2 | EPSS Score: 0.003 | Published: 2025-03-04
Shodan ® - All rights reserved