Security Vulnerabilities - CVEs Published In March 2025
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
CVSS Score
4.4
EPSS Score
0.001
Published
2025-03-29
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-03-29
IBM InfoSphere Information Server 11.7
could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-29
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-28
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-28
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-28
shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-28
OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-03-28
OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-03-28
In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-03-28