VULNMAP - Security Vulnerabilities

CVE List - 2025 / March

Showing 3201 - 3300 of 4018 CVEs for March 2025 (Page 33 of 41)

CVE ID Date Title
CVE-2025-30883 2025-03-27 WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability
CVE-2025-30884 2025-03-27 WordPress Bit Integrations plugin <= 2.4.10 - Open Redirection vulnerability
CVE-2025-30885 2025-03-27 WordPress Bit Form plugin <= 2.18.0 - Open Redirection vulnerability
CVE-2025-30887 2025-03-27 WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability
CVE-2025-30888 2025-03-27 WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30890 2025-03-27 WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability
CVE-2025-30891 2025-03-27 WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability
CVE-2025-30893 2025-03-27 WordPress LeadConnector plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30894 2025-03-27 WordPress WP Fast Total Search plugin <= 1.79.262 - Broken Access Control vulnerability
CVE-2025-30895 2025-03-27 WordPress WpEvently Plugin <= 4.2.9 - PHP Object Injection vulnerability
CVE-2025-30896 2025-03-27 WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability
CVE-2025-30897 2025-03-27 WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability
CVE-2025-30898 2025-03-27 WordPress افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) plugin <= 4.2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30899 2025-03-27 WordPress User Registration plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30900 2025-03-27 WordPress Zoho Billing – Embed Payment Form plugin <= 4.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-30903 2025-03-27 WordPress SyntaxHighlighter Evolved plugin <= 3.7.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30904 2025-03-27 WordPress Chartify plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30907 2025-03-27 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30909 2025-03-27 WordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerability
CVE-2025-30912 2025-03-27 WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-30914 2025-03-27 WordPress Metform Elementor Contact Form Builder plugin <= 3.9.2 - Server Side Request Forgery (SSRF) vulnerability
CVE-2025-30918 2025-03-27 WordPress Structured Content plugin 1.6.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30919 2025-03-27 WordPress Store Locator Widget plugin <= 20200131 - CSRF to Stored XSS vulnerability
CVE-2025-30920 2025-03-27 WordPress WP Posts Carousel plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30921 2025-03-27 WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability
CVE-2025-30922 2025-03-27 WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30923 2025-03-27 WordPress Gift Message for WooCommerce plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-30925 2025-03-27 WordPress The Pack Elementor addons plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-31139 2025-03-27 In JetBrains TeamCity before 2025.03 base64 encoded password could be...
CVE-2025-31140 2025-03-27 In JetBrains TeamCity before 2025.03 stored XSS was possible on...
CVE-2025-31141 2025-03-27 In JetBrains TeamCity before 2025.03 exception could lead to credential...
CVE-2025-2255 2025-03-27 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2025-2242 2025-03-27 Incorrect Authorization in GitLab
CVE-2025-2846 2025-03-27 SourceCodester Online Eyewear Shop Registration Users.php registration sql injection
CVE-2025-0811 2025-03-27 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2024-9773 2025-03-27 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
CVE-2025-2847 2025-03-27 Codezips Gym Management System over_month.php sql injection
CVE-2025-2857 2025-03-27 Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers...
CVE-2025-2849 2025-03-27 UPX p_lx_elf.cpp un_DT_INIT heap-based overflow
CVE-2025-21867 2025-03-27 bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
CVE-2025-21868 2025-03-27 net: allow small head cache usage with large MAX_SKB_FRAGS values
CVE-2025-21869 2025-03-27 powerpc/code-patching: Disable KASAN report during patching via temporary mm
CVE-2025-21870 2025-03-27 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
CVE-2025-21871 2025-03-27 tee: optee: Fix supplicant wait loop
CVE-2025-26619 2025-03-27 Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter`
CVE-2025-26738 2025-03-27 WordPress Quick Interest Slider plugin <= 3.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26737 2025-03-27 WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26736 2025-03-27 WordPress MorningTime Lite theme <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-26734 2025-03-27 WordPress Hester plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26732 2025-03-27 WordPress StoreBiz plugin <= 1.0.32 - Cross Site Scripting (XSS) vulnerability
CVE-2025-2852 2025-03-27 SourceCodester Food Ordering Management System view_menu.php sql injection
CVE-2025-26731 2025-03-27 WordPress ARPrice plugin <= 4.1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-2867 2025-03-27 Improper Control of Generation of Code ('Code Injection') in GitLab
CVE-2025-25100 2025-03-27 WordPress Cazamba plugin <= 1.2 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22816 2025-03-27 WordPress Power Mag theme <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-27793 2025-03-27 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
CVE-2025-25086 2025-03-27 WordPress Secret Meta plugin <= 1.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22770 2025-03-27 WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability
CVE-2025-22672 2025-03-27 WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.2 - Server Side Request Forgery (SSRF) vulnerability
CVE-2025-22673 2025-03-27 WordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerability
CVE-2025-22671 2025-03-27 WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability
CVE-2025-22670 2025-03-27 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability
CVE-2025-22669 2025-03-27 WordPress Awesome Event Booking plugin <= 2.7.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-22668 2025-03-27 WordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerability
CVE-2025-22667 2025-03-27 WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerability
CVE-2025-22665 2025-03-27 WordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerability
CVE-2025-22660 2025-03-27 WordPress Include Mastodon Feed plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-2516 2025-03-27 Use of a weak cryptographic key in the signature verification process in WPS Office
CVE-2025-2854 2025-03-27 code-projects Payroll Management System update_employee.php sql injection
CVE-2024-56469 2025-03-27 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication
CVE-2025-1997 2025-03-27 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
CVE-2025-1998 2025-03-27 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure
CVE-2025-30221 2025-03-27 Pitchfork HTTP Request/Response Splitting vulnerability
CVE-2025-30358 2025-03-27 Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
CVE-2024-58090 2025-03-27 sched/core: Prevent rescheduling when interrupts are disabled
CVE-2024-58091 2025-03-27 drm/fbdev-dma: Add shadow buffering for deferred I/O
CVE-2025-21872 2025-03-27 efi: Don't map the entire mokvar table to determine its size
CVE-2025-21873 2025-03-27 scsi: ufs: core: bsg: Fix crash when arpmb command fails
CVE-2025-21874 2025-03-27 dm-integrity: Avoid divide by zero in table status in Inline mode
CVE-2025-21875 2025-03-27 mptcp: always handle address removal under msk socket lock
CVE-2025-21876 2025-03-27 iommu/vt-d: Fix suspicious RCU usage
CVE-2025-21877 2025-03-27 usbnet: gl620a: fix endpoint checking in genelink_bind()
CVE-2025-21878 2025-03-27 i2c: npcm: disable interrupt enable bit before devm_request_irq
CVE-2025-21879 2025-03-27 btrfs: fix use-after-free on inode when scanning root during em shrinking
CVE-2025-21880 2025-03-27 drm/xe/userptr: fix EFAULT handling
CVE-2025-21881 2025-03-27 uprobes: Reject the shared zeropage in uprobe_write_opcode()
CVE-2025-21882 2025-03-27 net/mlx5: Fix vport QoS cleanup on error
CVE-2025-21883 2025-03-27 ice: Fix deinitializing VF in error path
CVE-2025-21884 2025-03-27 net: better track kernel sockets lifetime
CVE-2025-21885 2025-03-27 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
CVE-2025-21886 2025-03-27 RDMA/mlx5: Fix implicit ODP hang on parent deregistration
CVE-2025-21887 2025-03-27 ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
CVE-2025-21888 2025-03-27 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
CVE-2025-21889 2025-03-27 perf/core: Add RCU read lock protection to perf_iterate_ctx()
CVE-2025-21890 2025-03-27 idpf: fix checksums set in idpf_rx_rsc()
CVE-2025-21891 2025-03-27 ipvlan: ensure network headers are in skb linear part
CVE-2025-21892 2025-03-27 RDMA/mlx5: Fix the recovery flow of the UMR QP
CVE-2025-22659 2025-03-27 WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22658 2025-03-27 WordPress Listings for Appfolio plugin <= 1.2.0 - CSRF to Stored XSS vulnerability
CVE-2025-22652 2025-03-27 WordPress Payment Forms for Paystack plugin <= 4.0.1 - SQL Injection vulnerability