Security Vulnerabilities - CVEs Published In March 2025
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-03-27
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
CVSS Score
2.7
EPSS Score
0.0
Published
2025-03-27
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
CVSS Score
4.3
EPSS Score
0.0
Published
2025-03-27
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
CVSS Score
4.6
EPSS Score
0.002
Published
2025-03-27
Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-03-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-03-27
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshift: from n/a through 11.0.2.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SearchIQ SearchIQ allows Stored XSS. This issue affects SearchIQ: from n/a through 4.7.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-27
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-03-27
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-27