Security Vulnerabilities - CVEs Published In March 2025
A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2025-03-20
DESCOR INFOCAD 3.5.1 and earlier allows SQL Injection. The issue is fixed in v.3.5.2.0.
CVSS Score: 10.0
EPSS Score: 0.002
Published: 2025-03-20
DESCOR INFOCAD 3.5.1 and earlier has a broken authorization schema. The issue is fixed in v.3.5.2.0.
CVSS Score: 10.0
EPSS Score: 0.003
Published: 2025-03-20
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.
CVSS Score: 9.3
EPSS Score: 0.001
Published: 2025-03-20
Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DoS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0.
CVSS Score: 8.7
EPSS Score: 0.005
Published: 2025-03-20
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2025-03-20
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2025-03-20
A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation leads to improper access controls. The attack must be launched from within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score: 5.3
EPSS Score: 0.006
Published: 2025-03-20
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2025-03-20
A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score: 5.3
EPSS Score: 0.006
Published: 2025-03-20

