CVE List - 2025 / March
Showing 801 - 900 of 4015 CVEs for March 2025 (Page 9 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-58074 | 2025-03-06 | drm/i915: Grab intel_display from the encoder to avoid potential oopsies |
| CVE-2024-58075 | 2025-03-06 | crypto: tegra - do not transfer req when tegra init fails |
| CVE-2025-21825 | 2025-03-06 | bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT |
| CVE-2025-21826 | 2025-03-06 | netfilter: nf_tables: reject mismatching sum of field_len with set key length |
| CVE-2025-21827 | 2025-03-06 | Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() |
| CVE-2025-21828 | 2025-03-06 | wifi: mac80211: don't flush non-uploaded STAs |
| CVE-2025-21829 | 2025-03-06 | RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" |
| CVE-2025-21830 | 2025-03-06 | landlock: Handle weird files |
| CVE-2024-58076 | 2025-03-06 | clk: qcom: gcc-sm6350: Add missing parent_map for two clocks |
| CVE-2024-58077 | 2025-03-06 | ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback |
| CVE-2024-58078 | 2025-03-06 | misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors |
| CVE-2024-58079 | 2025-03-06 | media: uvcvideo: Fix crash during unbind if gpio unit is in use |
| CVE-2024-58080 | 2025-03-06 | clk: qcom: dispcc-sm6350: Add missing parent_map for a clock |
| CVE-2024-58081 | 2025-03-06 | clk: mmp2: call pm_genpd_init() only after genpd.name is set |
| CVE-2024-58082 | 2025-03-06 | media: nuvoton: Fix an error check in npcm_video_ece_init() |
| CVE-2024-58083 | 2025-03-06 | KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() |
| CVE-2024-58084 | 2025-03-06 | firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() |
| CVE-2024-58085 | 2025-03-06 | tomoyo: don't emit warning in tomoyo_write_control() |
| CVE-2025-21831 | 2025-03-06 | PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 |
| CVE-2025-21832 | 2025-03-06 | block: don't revert iter for -EIOCBQUEUED |
| CVE-2025-21833 | 2025-03-06 | iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE |
| CVE-2025-21834 | 2025-03-06 | seccomp: passthrough uretprobe systemcall without filtering |
| CVE-2024-12742 | 2025-03-06 | Deserialization of Untrusted Data Vulnerability in NI G Web Development Software |
| CVE-2024-51476 | 2025-03-06 | IBM Concert Software information disclosure |
| CVE-2024-58086 | 2025-03-06 | drm/v3d: Stop active perfmon if it is being destroyed |
| CVE-2025-0337 | 2025-03-06 | Authorization bypass in Now Platform |
| CVE-2025-2032 | 2025-03-06 | ChestnutCMS rename renameFile path traversal |
| CVE-2025-2033 | 2025-03-06 | code-projects Blood Bank Management System view_donor.php sql injection |
| CVE-2025-2034 | 2025-03-06 | PHPGurukul Pre-School Enrollment System edit-class.php sql injection |
| CVE-2025-2035 | 2025-03-06 | s-a-zhd Ecommerce-Website-using-PHP customer_register.php unrestricted upload |
| CVE-2025-2036 | 2025-03-06 | s-a-zhd Ecommerce-Website-using-PHP details.php sql injection |
| CVE-2025-24796 | 2025-03-06 | Remote Code Execution within Collabora Online jail with Macros Enabled |
| CVE-2025-25191 | 2025-03-06 | Group-Office has a Stored XSS Vulnerability via user's name field |
| CVE-2025-25294 | 2025-03-06 | Envoy Gateway Log Injection Vulnerability |
| CVE-2025-27506 | 2025-03-06 | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page |
| CVE-2025-2037 | 2025-03-06 | code-projects Blood Bank Management System delete_requester.php sql injection |
| CVE-2025-27509 | 2025-03-06 | SAML authentication vulnerability due to improper SAML response validation |
| CVE-2025-27600 | 2025-03-06 | FastGPT SSRF |
| CVE-2025-2038 | 2025-03-06 | code-projects Blood Bank Management System upload exposure of information through directory listing |
| CVE-2025-2039 | 2025-03-06 | code-projects Blood Bank Management System delete_members.php sql injection |
| CVE-2025-2040 | 2025-03-06 | zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine |
| CVE-2025-2041 | 2025-03-06 | s-a-zhd Ecommerce-Website-using-PHP shop.php sql injection |
| CVE-2025-2042 | 2025-03-06 | huang-yk student-manage cross-site request forgery |
| CVE-2025-2043 | 2025-03-06 | LinZhaoguan pb-cms Add New Topic admin#themes deserialization |
| CVE-2025-2044 | 2025-03-06 | code-projects Blood Bank Management System delete_bloodGroup.php sql injection |
| CVE-2025-2046 | 2025-03-06 | SourceCodester Best Employee Management System print1.php sql injection |
| CVE-2025-27598 | 2025-03-06 | Out-of-bounds Write in SixLabors ImageSharp |
| CVE-2025-2047 | 2025-03-06 | PHPGurukul Art Gallery Management System search.php cross site scripting |
| CVE-2025-2049 | 2025-03-06 | code-projects Blood Bank System AB+.php cross site scripting |
| CVE-2025-2050 | 2025-03-06 | PHPGurukul User Registration & Login and User Management System login.php sql injection |
| CVE-2025-1121 | 2025-03-06 | Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed... |
| CVE-2024-42733 | 2025-03-07 | An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input |
| CVE-2025-25617 | 2025-03-07 | Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus. |
| CVE-2025-27795 | 2025-03-07 | ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. |
| CVE-2025-27796 | 2025-03-07 | ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. |
| CVE-2025-27816 | 2025-03-07 | A vulnerability was discovered in the Arctera InfoScale 7.0 through 8.0.2 where a .NET remoting endpoint can be exploited due to the insecure deserialization of potentially untrusted messages. The vulnerability... |
| CVE-2025-27822 | 2025-03-07 | An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin"... |
| CVE-2025-27823 | 2025-03-07 | An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The... |
| CVE-2025-27824 | 2025-03-07 | An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is... |
| CVE-2025-27825 | 2025-03-07 | An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names. |
| CVE-2025-27826 | 2025-03-07 | An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names. |
| CVE-2025-27839 | 2025-03-07 | operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan... |
| CVE-2025-2051 | 2025-03-07 | PHPGurukul Apartment Visitors Management System search-visitor.php sql injection |
| CVE-2025-2052 | 2025-03-07 | PHPGurukul Apartment Visitors Management System forgot-password.php sql injection |
| CVE-2025-2053 | 2025-03-07 | PHPGurukul Apartment Visitors Management System visitor-detail.php sql injection |
| CVE-2025-2054 | 2025-03-07 | code-projects Blood Bank Management System edit_state.php sql injection |
| CVE-2025-2057 | 2025-03-07 | PHPGurukul Emergency Ambulance Hiring Portal about-us.php sql injection |
| CVE-2025-2058 | 2025-03-07 | PHPGurukul Emergency Ambulance Hiring Portal search.php sql injection |
| CVE-2025-0749 | 2025-03-07 | Homey <= 2.4.3 - Limited Authentication Bypass due to Missing Empty Value Check |
| CVE-2024-13526 | 2025-03-07 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export |
| CVE-2025-0748 | 2025-03-07 | Homey <= 2.4.3 - Cross-Site Request Forgery to User Verification |
| CVE-2025-2059 | 2025-03-07 | PHPGurukul Emergency Ambulance Hiring Portal booking-details.php sql injection |
| CVE-2025-2060 | 2025-03-07 | PHPGurukul Emergency Ambulance Hiring Portal admin-profile.php sql injection |
| CVE-2025-26708 | 2025-03-07 | ZTELink has a configuration defect vulnerability |
| CVE-2025-2061 | 2025-03-07 | code-projects Online Ticket Reservation System passenger.php cross site scripting |
| CVE-2025-2062 | 2025-03-07 | projectworlds Life Insurance Management System clientStatus.php sql injection |
| CVE-2025-2063 | 2025-03-07 | projectworlds Life Insurance Management System deleteNominee.php sql injection |
| CVE-2025-2064 | 2025-03-07 | projectworlds Life Insurance Management System deletePayment.php sql injection |
| CVE-2025-2065 | 2025-03-07 | projectworlds Life Insurance Management System editAgent.php sql injection |
| CVE-2025-2066 | 2025-03-07 | projectworlds Life Insurance Management System updateAgent.php sql injection |
| CVE-2025-2067 | 2025-03-07 | projectworlds Life Insurance Management System search.php sql injection |
| CVE-2025-1475 | 2025-03-07 | WPCOM Member <= 1.7.5 - Authentication Bypass via 'user_phone' |
| CVE-2024-12809 | 2025-03-07 | Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13655 | 2025-03-07 | Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion |
| CVE-2024-13320 | 2025-03-07 | CURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL Injection |
| CVE-2025-0863 | 2025-03-07 | Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-1309 | 2025-03-07 | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-13906 | 2025-03-07 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection |
| CVE-2024-12576 | 2025-03-07 | GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address |
| CVE-2024-12837 | 2025-03-07 | GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size |
| CVE-2025-26331 | 2025-03-07 | Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this... |
| CVE-2024-12607 | 2025-03-07 | School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' |
| CVE-2024-12035 | 2025-03-07 | CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-12611 | 2025-03-07 | School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting |
| CVE-2024-10804 | 2025-03-07 | Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download |
| CVE-2024-12036 | 2025-03-07 | CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2024-13781 | 2025-03-07 | Hero Maps Premium - Customizable Google Maps Plugin <= 2.3.9 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-13904 | 2025-03-07 | Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery |
| CVE-2024-12610 | 2025-03-07 | School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-12609 | 2025-03-07 | School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance' |