CVE List - 2025 / March
Showing 1001 - 1100 of 4015 CVEs for March 2025 (Page 11 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-13924 | 2025-03-08 | Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery |
| CVE-2025-2112 | 2025-03-08 | user-xiangpeng yaoqishan MediaInfoService.java getMediaLisByFilter sql injection |
| CVE-2025-2113 | 2025-03-09 | AT Software Solutions ATSVD Esqueceu a senha sql injection |
| CVE-2025-2114 | 2025-03-09 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization |
| CVE-2025-2115 | 2025-03-09 | zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload |
| CVE-2025-1362 | 2025-03-09 | easy-broken-link-checker <= 9.0.2 - Bulk Actions via CSRF |
| CVE-2025-1363 | 2025-03-09 | easy-broken-link-checker <= 9.0.2 - Admin+ Stored XSS |
| CVE-2025-1382 | 2025-03-09 | Contact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRF |
| CVE-2025-2116 | 2025-03-09 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery |
| CVE-2025-2117 | 2025-03-09 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System reportCenter.do electricDocList sql injection |
| CVE-2025-2118 | 2025-03-09 | Quantico Tecnologia PRMV Login Endpoint login.php sql injection |
| CVE-2025-2119 | 2025-03-09 | Thinkware Car Dashcam F800 Pro Device Registration default credentials |
| CVE-2025-2120 | 2025-03-09 | Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk |
| CVE-2025-2121 | 2025-03-09 | Thinkware Car Dashcam F800 Pro File Storage access control |
| CVE-2025-27636 | 2025-03-09 | Apache Camel: Camel Message Header Injection via Improper Filtering |
| CVE-2025-2122 | 2025-03-09 | Thinkware Car Dashcam F800 Pro Connection denial of service |
| CVE-2025-2123 | 2025-03-09 | GeSHi CSS cssgen.php get_var cross site scripting |
| CVE-2025-2124 | 2025-03-09 | Control iD RH iD API change_password cross site scripting |
| CVE-2025-2125 | 2025-03-09 | Control iD RH iD PDF Document companyId resource injection |
| CVE-2025-2126 | 2025-03-09 | JoomlaUX JUX Real Estate GET Parameter realties sql injection |
| CVE-2025-2127 | 2025-03-09 | JoomlaUX JUX Real Estate realties cross site scripting |
| CVE-2025-2129 | 2025-03-09 | Mage AI insecure default initialization of resource |
| CVE-2025-2130 | 2025-03-09 | OpenXE Ticket Bearbeiten Page cross site scripting |
| CVE-2025-2131 | 2025-03-09 | dayrui XunRuiCMS Friendly Links cross site scripting |
| CVE-2025-2132 | 2025-03-09 | ftcms Search ajax_all_lists sql injection |
| CVE-2025-2133 | 2025-03-09 | ftcms edit cross site scripting |
| CVE-2024-53307 | 2025-03-10 | A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a... |
| CVE-2024-55199 | 2025-03-10 | A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature.... |
| CVE-2024-57492 | 2025-03-10 | An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page function. |
| CVE-2025-25382 | 2025-03-10 | An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request. |
| CVE-2025-25614 | 2025-03-10 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. |
| CVE-2025-25615 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. |
| CVE-2025-25616 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. |
| CVE-2025-25620 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. |
| CVE-2025-25907 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. |
| CVE-2025-25908 | 2025-03-10 | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save. |
| CVE-2025-25940 | 2025-03-10 | VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java. |
| CVE-2025-25977 | 2025-03-10 | An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement. |
| CVE-2025-27910 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. |
| CVE-2025-27913 | 2025-03-10 | Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from... |
| CVE-2025-27924 | 2025-03-10 | Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action. |
| CVE-2025-27925 | 2025-03-10 | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. |
| CVE-2025-27926 | 2025-03-10 | In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. |
| CVE-2024-43107 | 2025-03-10 | Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue affects Gallagher MIPS Plugin v4.0... |
| CVE-2024-41724 | 2025-03-10 | Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to... |
| CVE-2025-1926 | 2025-03-10 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification |
| CVE-2024-11638 | 2025-03-10 | Gtbabel < 6.6.9 - Unauthenticated Admin Account Takeover |
| CVE-2025-2150 | 2025-03-10 | HGiga C&Cm@il - Stored Cross-Site Scripting |
| CVE-2025-27253 | 2025-03-10 | A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes... |
| CVE-2025-27254 | 2025-03-10 | CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can... |
| CVE-2025-27255 | 2025-03-10 | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the... |
| CVE-2025-27256 | 2025-03-10 | Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated,... |
| CVE-2025-27257 | 2025-03-10 | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on... |
| CVE-2025-24387 | 2025-03-10 | Missing CSRF protection |
| CVE-2024-13918 | 2025-03-10 | Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page |
| CVE-2024-13919 | 2025-03-10 | Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page |
| CVE-2025-2147 | 2025-03-10 | Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System file access |
| CVE-2025-1944 | 2025-03-10 | picklescan ZIP archive manipulation attack leads to crash |
| CVE-2025-1945 | 2025-03-10 | picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch |
| CVE-2025-2148 | 2025-03-10 | PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption |
| CVE-2025-2149 | 2025-03-10 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization |
| CVE-2025-2151 | 2025-03-10 | Open Asset Import Library Assimp File ParsingUtils.h GetNextLine stack-based overflow |
| CVE-2025-2152 | 2025-03-10 | Open Asset Import Library Assimp File BaseImporter.cpp ConvertToUTF8 heap-based overflow |
| CVE-2025-1497 | 2025-03-10 | Remote Code Execution in PlotAI |
| CVE-2025-2153 | 2025-03-10 | HDF5 h5 File H5SM.c H5SM_delete heap-based overflow |
| CVE-2025-26865 | 2025-03-10 | Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE |
| CVE-2024-12604 | 2025-03-10 | Improper Authentication in Tapandsign Technologies Tap and Sign App |
| CVE-2025-26933 | 2025-03-10 | WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulnerability |
| CVE-2025-26936 | 2025-03-10 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability |
| CVE-2025-26910 | 2025-03-10 | WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-26916 | 2025-03-10 | WordPress Massive Dynamic theme <= 8.2 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-47109 | 2025-03-10 | IBM Sterling File Gateway information disclosure |
| CVE-2024-52905 | 2025-03-10 | IBM Sterling B2B Integrator information disclosure |
| CVE-2025-24813 | 2025-03-10 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT |
| CVE-2024-52812 | 2025-03-10 | LF Edge eKuiper has Stored XSS in Rules Functionality |
| CVE-2025-1296 | 2025-03-10 | Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs |
| CVE-2025-22603 | 2025-03-10 | AutoGPT SSRF vulnerability |
| CVE-2025-25306 | 2025-03-10 | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes |
| CVE-2024-56184 | 2025-03-10 | In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional... |
| CVE-2024-56185 | 2025-03-10 | In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction... |
| CVE-2024-56186 | 2025-03-10 | In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-56187 | 2025-03-10 | In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System... |
| CVE-2024-56188 | 2025-03-10 | There is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2025-27136 | 2025-03-10 | LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection |
| CVE-2025-26696 | 2025-03-10 | Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird... |
| CVE-2025-26695 | 2025-03-10 | When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This... |
| CVE-2025-27615 | 2025-03-10 | umatiGateway's UI publicly accessible in provided docker-compose file |
| CVE-2025-27616 | 2025-03-10 | Vela Server has Insufficient Webhook Payload Data Verification |
| CVE-2024-54473 | 2025-03-10 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. |
| CVE-2024-54469 | 2025-03-10 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local... |
| CVE-2024-44192 | 2025-03-10 | The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously... |
| CVE-2024-54560 | 2025-03-10 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be... |
| CVE-2024-54463 | 2025-03-10 | This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent. |
| CVE-2024-54546 | 2025-03-10 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. |
| CVE-2024-44227 | 2025-03-10 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system... |
| CVE-2024-44179 | 2025-03-10 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15.... |
| CVE-2024-54467 | 2025-03-10 | A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS... |
| CVE-2024-54558 | 2025-03-10 | A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick... |
| CVE-2022-43454 | 2025-03-10 | A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may... |
| CVE-2022-48610 | 2025-03-10 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access... |