Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-04 | CVE-2025-1890 | Unrestricted Upload of File with Dangerous Type vulnerability in Shishuocms Project Shishuocms 1.1 A vulnerability has been found in shishuocms 1.1 and classified as critical. | 9.8 |
| 2025-03-04 | CVE-2025-1891 | Cross-Site Request Forgery (CSRF) vulnerability in Qzw1210 Shishuocms 1.1 A vulnerability was found in shishuocms 1.1 and classified as problematic. | 8.8 |
| 2025-03-04 | CVE-2025-27219 | Unspecified vulnerability in Ruby-Lang CGI In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. | 7.5 |
| 2025-03-04 | CVE-2025-27220 | Unspecified vulnerability in Ruby-Lang CGI In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. | 7.5 |
| 2025-03-04 | CVE-2025-27221 | Unspecified vulnerability in TAL URL In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. | 5.3 |
| 2025-03-03 | CVE-2024-55064 | Unspecified vulnerability in Easyvirt DC Netscope Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) smtp_password, or (4) email_recipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to /proxy/ntp/change; the (7) newVcenterAddress parameter to /process_new_vcenter. | 5.4 |
| 2025-03-03 | CVE-2025-1881 | Incorrect Privilege Assignment vulnerability in I-Drive I11 Firmware and I12 Firmware A vulnerability was found in i-Drive i11 and i12 up to 20250227. | 4.3 |
| 2025-03-03 | CVE-2025-1882 | Register Interface Allows Software Access to Sensitive Data or Security Settings vulnerability in I-Drive I11 Firmware and I12 Firmware A vulnerability was found in i-Drive i11 and i12 up to 20250227. | 7.0 |
| 2025-03-03 | CVE-2024-10904 | Unspecified vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 4.8 |
| 2025-03-03 | CVE-2024-51942 | Unspecified vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 4.8 |