Security Vulnerabilities - CVEs Published In March 2025
An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2025-03-27
An issue has been discovered in GitLab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting (XSS) attacks.
CVSS Score: 8.7 | EPSS Score: 0.001 | Published: 2025-03-27
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score: 7.3 | EPSS Score: 0.001 | Published: 2025-03-27
An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI.
CVSS Score: 3.7 | EPSS Score: 0.001 | Published: 2025-03-27
In JetBrains TeamCity before 2025.03, an exception could lead to credential leakage on the Cloud Profiles page.
CVSS Score: 2.7 | EPSS Score: 0.0 | Published: 2025-03-27
In JetBrains TeamCity before 2025.03, a base64-encoded password could be exposed in the build log.
CVSS Score: 4.3 | EPSS Score: 0.0 | Published: 2025-03-27
In JetBrains TeamCity before 2025.03, stored XSS was possible on the Cloud Profiles page.
CVSS Score: 4.6 | EPSS Score: 0.004 | Published: 2025-03-27
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2025-03-27
Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2025-03-27
Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2025-03-27



Shodan ® - All rights reserved