CVE List - 2025 / March
Showing 901 - 1000 of 4018 CVEs for March 2025 (Page 10 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12609 | 2025-03-07 | School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance' |
| CVE-2024-9658 | 2025-03-07 | School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation |
| CVE-2025-0959 | 2025-03-07 | Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_id |
| CVE-2025-1315 | 2025-03-07 | InWave Jobs <= 3.5.1 - Unauthenticated Privilege Escalation via Password Reset |
| CVE-2024-12876 | 2025-03-07 | Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthenticated Arbitrary User Password Change |
| CVE-2024-13431 | 2025-03-07 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting |
| CVE-2025-21835 | 2025-03-07 | usb: gadget: f_midi: fix MIDI Streaming descriptor lengths |
| CVE-2025-21836 | 2025-03-07 | io_uring/kbuf: reallocate buf lists on upgrade |
| CVE-2025-21838 | 2025-03-07 | usb: gadget: core: flush gadget workqueue after device removal |
| CVE-2025-21839 | 2025-03-07 | KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop |
| CVE-2025-21840 | 2025-03-07 | thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header |
| CVE-2025-21841 | 2025-03-07 | cpufreq/amd-pstate: Fix cpufreq_policy ref counting |
| CVE-2025-21842 | 2025-03-07 | amdkfd: properly free gang_ctx_bo when failed to init user queue |
| CVE-2025-21843 | 2025-03-07 | drm/panthor: avoid garbage value in panthor_ioctl_dev_query() |
| CVE-2024-13805 | 2025-03-07 | Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-13552 | 2025-03-07 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference |
| CVE-2024-13635 | 2025-03-07 | VK Blocks <= 1.94.2.2 - Missing Authorization to Sensitive Information Exposure |
| CVE-2024-13857 | 2025-03-07 | WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery |
| CVE-2024-9458 | 2025-03-07 | Reservit Hotel < 3.0 - Admin+ Stored XSS |
| CVE-2024-13668 | 2025-03-07 | WordPress Activity O Meter <= 1 - Reflected XSS |
| CVE-2025-1886 | 2025-03-07 | Pass-Back vulnerability in Sage 200 Spain |
| CVE-2025-1887 | 2025-03-07 | SMB forced authentication vulnerability in Sage 200 Spain |
| CVE-2025-1768 | 2025-03-07 | SEO Plugin by Squirrly SEO <= 12.4.05 - Authenticated (Subscriber+) SQL Injection via search Parameter |
| CVE-2024-12634 | 2025-03-07 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.59 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-2084 | 2025-03-07 | PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting |
| CVE-2025-2085 | 2025-03-07 | StarSea99 starsea-mall save cross site scripting |
| CVE-2025-2086 | 2025-03-07 | StarSea99 starsea-mall update cross site scripting |
| CVE-2025-2087 | 2025-03-07 | StarSea99 starsea-mall update cross site scripting |
| CVE-2025-2088 | 2025-03-07 | PHPGurukul Pre-School Enrollment System profile.php sql injection |
| CVE-2025-2089 | 2025-03-07 | StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control |
| CVE-2025-2090 | 2025-03-07 | PHPGurukul Pre-School Enrollment System Sub Admin add-subadmin.php access control |
| CVE-2025-27152 | 2025-03-07 | Possible SSRF and Credential Leakage via Absolute URL in axios Requests |
| CVE-2025-27519 | 2025-03-07 | Cognita Arbitrary File Write |
| CVE-2025-27518 | 2025-03-07 | Cognita CORS misconfiguration in backend API server |
| CVE-2025-27597 | 2025-03-07 | Vue I18n Prototype Pollution in `handleFlatJson` |
| CVE-2025-27603 | 2025-03-07 | XWiki Confluence Migrator Pro allows Remote Code Execution via unescaped translations |
| CVE-2025-27604 | 2025-03-07 | XWiki Confluence Migrator Pro's homepage is public |
| CVE-2024-13086 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-38638 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-48864 | 2025-03-07 | File Station 5 |
| CVE-2024-50390 | 2025-03-07 | QHora |
| CVE-2024-50394 | 2025-03-07 | Helpdesk |
| CVE-2024-50405 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-53692 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-53693 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-53694 | 2025-03-07 | QVPN Device Client, Qsync, Qfinder Pro |
| CVE-2024-53695 | 2025-03-07 | HBS 3 Hybrid Backup Sync |
| CVE-2024-53696 | 2025-03-07 | QuLog Center |
| CVE-2024-53697 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-53698 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-53699 | 2025-03-07 | QTS, QuTS hero |
| CVE-2024-53700 | 2025-03-07 | QHora |
| CVE-2025-27607 | 2025-03-07 | Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency |
| CVE-2025-0162 | 2025-03-07 | IBM Aspera Shares XML external entity injection |
| CVE-2024-12975 | 2025-03-07 | Silicon Labs CPC can leak information in full duplex SPI |
| CVE-2023-35894 | 2025-03-07 | IBM Control Center HOST header injection |
| CVE-2023-43052 | 2025-03-07 | IBM Control Center external service interaction |
| CVE-2025-26643 | 2025-03-07 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-2024 | 2025-03-07 | Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2025-2093 | 2025-03-07 | PHPGurukul Online Library Management System change-password.php password recovery |
| CVE-2025-2094 | 2025-03-07 | TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig os command injection |
| CVE-2025-2095 | 2025-03-07 | TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection |
| CVE-2025-2096 | 2025-03-07 | TOTOLINK EX1800T cstecgi.cgi setRebootScheCfg os command injection |
| CVE-2025-2097 | 2025-03-07 | TOTOLINK EX1800T cstecgi.cgi setRptWizardCfg stack-based overflow |
| CVE-2023-52968 | 2025-03-08 | MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before... |
| CVE-2023-52969 | 2025-03-08 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through... |
| CVE-2023-52970 | 2025-03-08 | MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through... |
| CVE-2023-52971 | 2025-03-08 | MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes... |
| CVE-2025-27840 | 2025-03-08 | Espressif ESP32 chips allow 29 hidden HCI commands, such as... |
| CVE-2025-1261 | 2025-03-08 | HT Mega – Absolute Addons For Elementor <= 2.8.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Countdown Widget |
| CVE-2025-1481 | 2025-03-08 | Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export |
| CVE-2024-12460 | 2025-03-08 | Years Since – Timeless <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13890 | 2025-03-08 | Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection |
| CVE-2025-1504 | 2025-03-08 | Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure |
| CVE-2024-13835 | 2025-03-08 | Post Meta Data Manager <= 1.4.3 - Authentciated (Admin+) Multisite Privilege Escalation |
| CVE-2024-13895 | 2025-03-08 | Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-13774 | 2025-03-08 | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Name |
| CVE-2024-13640 | 2025-03-08 | Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2024-13844 | 2025-03-08 | Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter |
| CVE-2024-12119 | 2025-03-08 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Authenticated (Custom+) Stored Cross-Site Scripting via Album Title Size |
| CVE-2024-12114 | 2025-03-08 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates |
| CVE-2024-13825 | 2025-03-08 | Email Keep <= 1.1 - Reflected XSS |
| CVE-2024-13826 | 2025-03-08 | Email Keep <= 1.1 - Email Deletion via CSRF |
| CVE-2024-13908 | 2025-03-08 | SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2024-11087 | 2025-03-08 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass |
| CVE-2024-10321 | 2025-03-08 | All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
| CVE-2024-13816 | 2025-03-08 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions |
| CVE-2024-13882 | 2025-03-08 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2025-0177 | 2025-03-08 | Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup |
| CVE-2025-1287 | 2025-03-08 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2025-1324 | 2025-03-08 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-13359 | 2025-03-08 | Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload |
| CVE-2025-1325 | 2025-03-08 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuction |
| CVE-2025-1323 | 2025-03-08 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Unauthenticated SQL Injection |
| CVE-2025-1322 | 2025-03-08 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Authenticated (Contributor+) Protected Post Disclosure |
| CVE-2025-1783 | 2025-03-08 | Gallery Styles <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13649 | 2025-03-08 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11640 | 2025-03-08 | VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-1664 | 2025-03-08 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13675 | 2025-03-08 | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |