Security Vulnerabilities - CVEs Published In March 2025
A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-21
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file deactivate.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-21
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file activate_reg.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-21
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file deactivate_reg.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-03-21
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function.
CVSS Score
6.3
EPSS Score
0.006
Published
2025-03-21
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.
CVSS Score
6.3
EPSS Score
0.006
Published
2025-03-21
In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter.
CVSS Score
6.3
EPSS Score
0.006
Published
2025-03-21
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.
CVSS Score
8.6
EPSS Score
0.006
Published
2025-03-21
Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-03-21
Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-03-21