Security Vulnerabilities - CVEs Published In March 2025
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-03
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-03
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-03
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-03
Memory corruption may occur in keyboard virtual device due to guest VM interaction.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-03
Memory corruption while doing Escape call when user provides valid kernel address in the place of valid user buffer address.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-03
Memory corruption occurs during an Escape call if an invalid Kernel Mode CPU event and sync object handle are passed with the DriverKnownEscape flag reset.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-03
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.
CVSS Score
8.7
EPSS Score
0.003
Published
2025-03-03
Memory corruption while calling the NPU driver APIs concurrently.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-03
Transient DOS can occur while processing UCI command.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-03