CVE List - 2025 / March

Showing 1701 - 1800 of 4018 CVEs for March 2025 (Page 18 of 41)

CVE ID Date Title
CVE-2025-29774 2025-03-14 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
CVE-2025-29775 2025-03-14 xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
CVE-2025-29779 2025-03-14 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
CVE-2025-29780 2025-03-14 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
CVE-2024-54445 2025-03-14 Blind SQLi in Login
CVE-2024-54446 2025-03-14 Blind SQLi in Document History
CVE-2024-54447 2025-03-14 Blind SQLi in Saved Search
CVE-2024-54448 2025-03-14 Remote Code Execution (RCE) via Automation Scripting
CVE-2024-54449 2025-03-14 Remote Code Execution (RCE) via Arbitrary File Write In Document API
CVE-2024-12019 2025-03-14 Arbitrary File Read via Document API
CVE-2024-12020 2025-03-14 Reflected Cross-Site Scripting (XSS)
CVE-2024-12245 2025-03-14 Blind SQL Injection in Logout
CVE-2025-29771 2025-03-14 HtmlSanitizer vulnerable to XSS when used with contentEditable
CVE-2025-29782 2025-03-14 WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `tipo`
CVE-2025-2308 2025-03-14 HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
CVE-2025-2309 2025-03-14 HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
CVE-2025-2310 2025-03-14 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
CVE-2025-2295 2025-03-14 Potential iSCSI R2T PDU Vulnerability
CVE-2025-2320 2025-03-14 274056675 springboot-openai-chatgpt User submit improper authorization
CVE-2025-30066 2025-03-15 tj-actions changed-files before 46 allows remote attackers to discover secrets...
CVE-2025-1657 2025-03-15 Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
CVE-2025-1653 2025-03-15 Directory Listings WordPress plugin – uListing <= 2.1.7 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-2163 2025-03-15 Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2025-2164 2025-03-15 pixelstats <= 0.8.2 - Reflected Cross-Site Scripting
CVE-2025-2267 2025-03-15 WP01 – Speed, Security, SEO consultant <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download
CVE-2025-1669 2025-03-15 School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Teacher+) SQL Injection
CVE-2024-12336 2025-03-15 WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all
CVE-2025-1667 2025-03-15 School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover
CVE-2025-1670 2025-03-15 School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Parent+) SQL Injection
CVE-2025-1668 2025-03-15 School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion
CVE-2025-1773 2025-03-15 Traveler <= 3.1.8 - Reflected Cross-Site Scripting
CVE-2025-1771 2025-03-15 Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post
CVE-2024-13497 2025-03-15 WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-2157 2025-03-15 Foreman: disclosure of executed commands and outputs in Foreman / Red Hat Satellite
CVE-2025-2325 2025-03-15 WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting
CVE-2019-25222 2025-03-15 Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection
CVE-2025-1057 2025-03-15 Keylime: Keylime registrar DoS due to incompatible database entry handling
CVE-2025-2025 2025-03-15 Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function
CVE-2025-1530 2025-03-15 Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion
CVE-2025-2321 2025-03-15 274056675 springboot-openai-chatgpt addData logic error
CVE-2025-2322 2025-03-15 274056675 springboot-openai-chatgpt OpenController.java hard-coded credentials
CVE-2025-2323 2025-03-15 274056675 springboot-openai-chatgpt Number of Question questionCou updateQuestionCou behavioral workflow
CVE-2025-25225 2025-03-15 Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla
CVE-2025-23744 2025-03-15 WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26548 2025-03-15 WordPress Random Image Selector plugin <= 1.5.6 - Reflected Cross-Site Scripting vulnerability
CVE-2025-26553 2025-03-15 WordPress Pre Order Addon for WooCommerce plugin <= 1.0.7 - Reflected Cross-Site Scripting
CVE-2025-26554 2025-03-15 WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26555 2025-03-15 WordPress Debug-Bar-Extender Plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26556 2025-03-15 WordPress WP AntiDDOS Plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26875 2025-03-15 WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.3 - SQL Injection vulnerability
CVE-2025-26886 2025-03-15 WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability
CVE-2025-26895 2025-03-15 WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26899 2025-03-15 WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability
CVE-2025-26921 2025-03-15 WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability
CVE-2025-26924 2025-03-15 WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability
CVE-2025-26940 2025-03-15 WordPress Pie Register Premium plugin <= 3.8.3.2 - Path Traversal to Non-Arbitrary File Deletion vulnerability
CVE-2025-26961 2025-03-15 WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerability
CVE-2025-26969 2025-03-15 WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability
CVE-2025-26972 2025-03-15 WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26976 2025-03-15 WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability
CVE-2025-26978 2025-03-15 WordPress FS Poster plugin <= 6.5.8 - SQL Injection vulnerability
CVE-2025-27281 2025-03-15 WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability
CVE-2025-2334 2025-03-15 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control
CVE-2022-49737 2025-03-16 In X.Org X server 20.11 through 21.1.16, when a client...
CVE-2024-58103 2025-03-16 Square Wire before 5.2.0 does not enforce a recursion limit...
CVE-2025-24856 2025-03-16 An issue was discovered in the oidc (aka OpenID Connect...
CVE-2025-30074 2025-03-16 Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for...
CVE-2025-30076 2025-03-16 Koha before 24.11.02 allows admins to execute arbitrary commands via...
CVE-2025-30077 2025-03-16 Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index...
CVE-2025-30089 2025-03-16 gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.
CVE-2025-2335 2025-03-16 Drivin Soluções API registerSchool cross site scripting
CVE-2024-13126 2025-03-16 Download Manager < 3.3.07 - Unauthenticated Data Exposure
CVE-2024-13602 2025-03-16 Poll Maker < 5.5.4 - Admin+ Stored XSS
CVE-2025-1619 2025-03-16 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
CVE-2025-1620 2025-03-16 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
CVE-2025-1621 2025-03-16 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
CVE-2025-1622 2025-03-16 GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
CVE-2025-1623 2025-03-16 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
CVE-2025-1624 2025-03-16 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS
CVE-2025-2337 2025-03-16 tbeu matio mat.c Mat_VarPrint heap-based overflow
CVE-2025-2338 2025-03-16 tbeu matio io.c strdup_vprintf heap-based overflow
CVE-2025-2339 2025-03-16 otale Tale Blog logs improper authentication
CVE-2025-2340 2025-03-16 otale Tale Blog Site Settings save saveOptions cross site scripting
CVE-2025-2341 2025-03-16 IROAD Dash Cam X5 SSID default credentials
CVE-2025-2342 2025-03-16 IROAD X5 Mobile App API Endpoint hard-coded credentials
CVE-2025-2343 2025-03-16 IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials
CVE-2025-2344 2025-03-16 IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication
CVE-2025-2345 2025-03-16 IROAD Dash Cam X5/Dash Cam X6 improper authorization
CVE-2025-2346 2025-03-16 IROAD Dash Cam X5/Dash Cam X6 Domain origin validation
CVE-2025-2347 2025-03-16 IROAD Dash Cam FX2 Device Registration default password
CVE-2025-2348 2025-03-16 IROAD Dash Cam FX2 HTTP/RTSP event information disclosure
CVE-2025-2349 2025-03-16 IROAD Dash Cam FX2 Password Hash passwd weak password hash
CVE-2025-2350 2025-03-16 IROAD Dash Cam FX2 upload_file unrestricted upload
CVE-2025-2351 2025-03-16 DayCloud StudentManage Login Endpoint adminScoreUrl sql injection
CVE-2025-2352 2025-03-16 StarSea99 starsea-mall Backend save cross site scripting
CVE-2025-2353 2025-03-16 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection
CVE-2024-44866 2025-03-17 A buffer overflow in the GuitarPro1::read function of MuseScore Studio...
CVE-2025-25612 2025-03-17 FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to...
CVE-2025-25618 2025-03-17 Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation...
CVE-2025-25621 2025-03-17 Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows...