CVE List - 2025 / March
Showing 2501 - 2600 of 4018 CVEs for March 2025 (Page 26 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-25068 | 2025-03-21 | Bypassing MFA Enforcement on Plugin Endpoints |
| CVE-2025-2597 | 2025-03-21 | Reflected Cross-Site Scripting (XSS) vulnerability in ITIUM 6050 |
| CVE-2025-2587 | 2025-03-21 | Jinher OA C6 IncentivePlanFulfillAppprove.aspx sql injection |
| CVE-2025-2588 | 2025-03-21 | Hercules Augeas fa.c re_case_expand null pointer dereference |
| CVE-2025-2589 | 2025-03-21 | code-projects Human Resource Management System Account.go Index improper authorization |
| CVE-2025-2590 | 2025-03-21 | code-projects Human Resource Management System recruitment.go UpdateRecruitmentById cross site scripting |
| CVE-2025-2591 | 2025-03-21 | Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_Quake1 divide by zero |
| CVE-2025-2592 | 2025-03-21 | Open Asset Import Library Assimp CSMLoader.cpp InternReadFile heap-based overflow |
| CVE-2025-24915 | 2025-03-21 | When installing Nessus Agent to a non-default location on a... |
| CVE-2025-2598 | 2025-03-21 | AWS CDK CLI prints AWS credentials retrieved by custom credential plugins |
| CVE-2025-27612 | 2025-03-21 | Libcontainer is affected by capabilities elevation |
| CVE-2025-2593 | 2025-03-21 | FastCMS list sql injection |
| CVE-2025-29927 | 2025-03-21 | Authorization Bypass in Next.js Middleware |
| CVE-2025-30157 | 2025-03-21 | Envoy crashes when HTTP ext_proc processes local replies |
| CVE-2021-25635 | 2025-03-21 | Content Manipulation with Certificate Validation Attack |
| CVE-2025-30168 | 2025-03-21 | Parse Server has an OAuth login vulnerability |
| CVE-2023-43029 | 2025-03-21 | IBM Storage Virtualize vSphere Remote Plug-in information disclosure |
| CVE-2019-16151 | 2025-03-21 | An improper neutralization of input during web page generation vulnerability... |
| CVE-2025-25035 | 2025-03-21 | Jalios JPlatform 10 Multiple Cross-Site Scripting (XSS) |
| CVE-2025-25036 | 2025-03-21 | Jalios JPlatform 10 Authenticated XML External Entity Injection (XXE) |
| CVE-2025-2601 | 2025-03-21 | SourceCodester Kortex Lite Advocate Office Management System activate_reg.php sql injection |
| CVE-2025-2602 | 2025-03-21 | SourceCodester Kortex Lite Advocate Office Management System deactivate_reg.php sql injection |
| CVE-2025-2603 | 2025-03-21 | SourceCodester Kortex Lite Advocate Office Management System deactivate.php sql injection |
| CVE-2025-2604 | 2025-03-21 | SourceCodester Kortex Lite Advocate Office Management System edit_act.php sql injection |
| CVE-2025-2606 | 2025-03-21 | SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload |
| CVE-2025-2607 | 2025-03-21 | phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload |
| CVE-2025-2608 | 2025-03-21 | PHPGurukul Banquet Booking System view-user-queries.php sql injection |
| CVE-2025-30204 | 2025-03-21 | jwt-go allows excessive memory allocation during header parsing |
| CVE-2025-26500 | 2025-03-21 | VxWorks 7 USB Failure |
| CVE-2025-2610 | 2025-03-21 | MagnusBilling Stored Cross-Site Scripting in Alarm Module |
| CVE-2025-2609 | 2025-03-21 | MagnusBilling Stored Cross-Site Scripting in Login Logs |
| CVE-2025-30472 | 2025-03-22 | Corosync through 3.1.9, if encryption is disabled or the attacker... |
| CVE-2024-13737 | 2025-03-22 | Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template Creation |
| CVE-2025-0723 | 2025-03-22 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-13739 | 2025-03-22 | Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter |
| CVE-2025-1408 | 2025-03-22 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management |
| CVE-2025-0724 | 2025-03-22 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection |
| CVE-2025-2479 | 2025-03-22 | Easy Custom Admin Bar <= 1.0 - Reflected Cross-Site Scripting via msg Parameter |
| CVE-2025-2477 | 2025-03-22 | CryoKey <= 2.4 - Reflected Cross-Site Scripting via 'ckemail' Parameter |
| CVE-2025-0807 | 2025-03-22 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-2484 | 2025-03-22 | Multi Video Box <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters |
| CVE-2025-2303 | 2025-03-22 | Block Logic <= 1.0.8 - Authenticated (Contributor+) Remote Code Execution |
| CVE-2025-2482 | 2025-03-22 | Gotcha | Gesture-based Captcha <= 1.0.0 - Reflected Cross-Site Scripting via menu Parameter |
| CVE-2025-1311 | 2025-03-22 | WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-13856 | 2025-03-22 | Make Builder <= 1.1.10 - Authenticated (Subscriber+) Server-Side Request Forgery via make_builder_ajax_subscribe Function |
| CVE-2025-2478 | 2025-03-22 | Code Clone <= 0.9 - Authenticated (Administrator+) SQL Injection via snippetId Parameter |
| CVE-2024-13768 | 2025-03-22 | CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Font Assignment Deletion |
| CVE-2024-13666 | 2025-03-22 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing |
| CVE-2025-2616 | 2025-03-22 | yangyouwang 杨有旺 crud 简约后台管理系统 Role Management Page cross site scripting |
| CVE-2025-2577 | 2025-03-22 | Bitspecter Suite <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2025-1972 | 2025-03-22 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function |
| CVE-2025-1971 | 2025-03-22 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter |
| CVE-2025-1970 | 2025-03-22 | Export and Import Users and Customers <= 2.6.2 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function |
| CVE-2025-2331 | 2025-03-22 | GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure |
| CVE-2025-1973 | 2025-03-22 | Export and Import Users and Customers <= 2.6.2 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function |
| CVE-2025-26796 | 2025-03-22 | Apache Oozie: XSS in Oozie Web Console |
| CVE-2025-2617 | 2025-03-22 | yangyouwang 杨有旺 crud 简约后台管理系统 Department Page cross site scripting |
| CVE-2025-2186 | 2025-03-22 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' |
| CVE-2025-2618 | 2025-03-22 | D-Link DAP-1620 Path api set_ws_action heap-based overflow |
| CVE-2025-2619 | 2025-03-22 | D-Link DAP-1620 Cookie storage check_dws_cookie stack-based overflow |
| CVE-2025-2620 | 2025-03-22 | D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow |
| CVE-2025-2621 | 2025-03-22 | D-Link DAP-1620 storage check_dws_cookie stack-based overflow |
| CVE-2025-2622 | 2025-03-22 | aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization |
| CVE-2025-2623 | 2025-03-22 | westboy CicadasCMS save cross site scripting |
| CVE-2025-2624 | 2025-03-22 | westboy CicadasCMS save sql injection |
| CVE-2025-2625 | 2025-03-22 | westboy CicadasCMS page sql injection |
| CVE-2025-2626 | 2025-03-22 | SourceCodester Kortex Lite Advocate Office Management System edit_case.php sql injection |
| CVE-2025-2627 | 2025-03-22 | PHPGurukul Art Gallery Management System contactus.php sql injection |
| CVE-2025-2628 | 2025-03-22 | PHPGurukul Art Gallery Management System art-enquiry.php sql injection |
| CVE-2025-2637 | 2025-03-23 | JIZHICMS Account Profile Page userinfo.html improper authorization |
| CVE-2025-2638 | 2025-03-23 | JIZHICMS Article release.html improper authorization |
| CVE-2025-2639 | 2025-03-23 | JIZHICMS Article release.html improper authorization |
| CVE-2025-2640 | 2025-03-23 | PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php sql injection |
| CVE-2025-2641 | 2025-03-23 | PHPGurukul Art Gallery Management System edit-artist-detail.php sql injection |
| CVE-2025-0718 | 2025-03-23 | Nested Pages < 3.2.13 - Contributor+ Stored XSS |
| CVE-2025-1446 | 2025-03-23 | Pods < 3.2.8.2 - Admin+ SQL Injection |
| CVE-2025-2642 | 2025-03-23 | PHPGurukul Art Gallery Management System edit-art-product-detail.php sql injection |
| CVE-2025-2643 | 2025-03-23 | PHPGurukul Art Gallery Management System edit-art-type-detail.php sql injection |
| CVE-2025-2644 | 2025-03-23 | PHPGurukul Art Gallery Management System add-art-product.php sql injection |
| CVE-2025-2645 | 2025-03-23 | PHPGurukul Art Gallery Management System product.php cross site scripting |
| CVE-2025-2646 | 2025-03-23 | PHPGurukul Art Gallery Management System admin-profile.php sql injection |
| CVE-2025-2647 | 2025-03-23 | PHPGurukul Art Gallery Management System search.php sql injection |
| CVE-2025-2648 | 2025-03-23 | PHPGurukul Art Gallery Management System view-enquiry-detail.php sql injection |
| CVE-2025-2649 | 2025-03-23 | PHPGurukul Doctor Appointment Management System check-appointment.php sql injection |
| CVE-2025-2650 | 2025-03-23 | PHPGurukul Medical Card Generation System download-medical-cards.php cross site scripting |
| CVE-2025-30474 | 2025-03-23 | Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message |
| CVE-2025-27553 | 2025-03-23 | Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT |
| CVE-2025-2691 | 2025-03-23 | Versions of the package nossrf before 1.0.4 are vulnerable to... |
| CVE-2025-2651 | 2025-03-23 | SourceCodester Online Eyewear Shop admin exposure of information through directory listing |
| CVE-2025-2652 | 2025-03-23 | SourceCodester Employee and Visitor Gate Pass Logging System exposure of information through directory listing |
| CVE-2025-2653 | 2025-03-23 | FoxCMS improper authorization |
| CVE-2025-2654 | 2025-03-23 | SourceCodester AC Repair and Services System manage_service.php sql injection |
| CVE-2025-29806 | 2025-03-23 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2025-29795 | 2025-03-23 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| CVE-2025-2655 | 2025-03-23 | SourceCodester AC Repair and Services System Users.php save_users sql injection |
| CVE-2025-2656 | 2025-03-23 | PHPGurukul Zoo Management System login.php sql injection |
| CVE-2025-2657 | 2025-03-23 | projectworlds Apartment Visitors Management System front.php sql injection |
| CVE-2025-2658 | 2025-03-23 | PHPGurukul Online Security Guards Hiring System search-request.php sql injection |
| CVE-2025-2659 | 2025-03-23 | Project Worlds Online Time Table Generator index.php sql injection |
| CVE-2025-2660 | 2025-03-23 | Project Worlds Online Time Table Generator index.php sql injection |