CVE List - 2025 / March
Showing 1001 - 1100 of 4018 CVEs for March 2025 (Page 11 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-10326 | 2025-03-08 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets |
| CVE-2024-13924 | 2025-03-08 | Starter Templates by FancyWP <= 2.0.0 - Unauthenticated Blind Server-Side Request Forgery |
| CVE-2025-2112 | 2025-03-08 | user-xiangpeng yaoqishan MediaInfoService.java getMediaLisByFilter sql injection |
| CVE-2025-2113 | 2025-03-09 | AT Software Solutions ATSVD Esqueceu a senha sql injection |
| CVE-2025-2114 | 2025-03-09 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization |
| CVE-2025-2115 | 2025-03-09 | zzskzy Warehouse Refinement Management System AcceptZip.ashx ProcessRequest unrestricted upload |
| CVE-2025-1362 | 2025-03-09 | easy-broken-link-checker <= 9.0.2 - Bulk Actions via CSRF |
| CVE-2025-1363 | 2025-03-09 | easy-broken-link-checker <= 9.0.2 - Admin+ Stored XSS |
| CVE-2025-1382 | 2025-03-09 | Contact Us By Lord Linus <= 2.6 - Admin+ Stored XSS via CSRF |
| CVE-2025-2116 | 2025-03-09 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery |
| CVE-2025-2117 | 2025-03-09 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System reportCenter.do electricDocList sql injection |
| CVE-2025-2118 | 2025-03-09 | Quantico Tecnologia PRMV Login Endpoint login.php sql injection |
| CVE-2025-2119 | 2025-03-09 | Thinkware Car Dashcam F800 Pro Device Registration default credentials |
| CVE-2025-2120 | 2025-03-09 | Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk |
| CVE-2025-2121 | 2025-03-09 | Thinkware Car Dashcam F800 Pro File Storage access control |
| CVE-2025-27636 | 2025-03-09 | Apache Camel: Camel Message Header Injection via Improper Filtering |
| CVE-2025-2122 | 2025-03-09 | Thinkware Car Dashcam F800 Pro Connection denial of service |
| CVE-2025-2123 | 2025-03-09 | GeSHi CSS cssgen.php get_var cross site scripting |
| CVE-2025-2124 | 2025-03-09 | Control iD RH iD API change_password cross site scripting |
| CVE-2025-2125 | 2025-03-09 | Control iD RH iD PDF Document companyId resource injection |
| CVE-2025-2126 | 2025-03-09 | JoomlaUX JUX Real Estate GET Parameter realties sql injection |
| CVE-2025-2127 | 2025-03-09 | JoomlaUX JUX Real Estate realties cross site scripting |
| CVE-2025-2129 | 2025-03-09 | Mage AI insecure default initialization of resource |
| CVE-2025-2130 | 2025-03-09 | OpenXE Ticket Bearbeiten Page cross site scripting |
| CVE-2025-2131 | 2025-03-09 | dayrui XunRuiCMS Friendly Links cross site scripting |
| CVE-2025-2132 | 2025-03-09 | ftcms Search ajax_all_lists sql injection |
| CVE-2025-2133 | 2025-03-09 | ftcms edit cross site scripting |
| CVE-2024-53307 | 2025-03-10 | A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint... |
| CVE-2024-55199 | 2025-03-10 | A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas... |
| CVE-2024-57492 | 2025-03-10 | An issue in redoxOS relibc before commit 98aa4ea5 allows a... |
| CVE-2025-25382 | 2025-03-10 | An issue in the Property Tax Payment Portal in Information... |
| CVE-2025-25614 | 2025-03-10 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation,... |
| CVE-2025-25615 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows... |
| CVE-2025-25616 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows... |
| CVE-2025-25620 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in... |
| CVE-2025-25907 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2025-25908 | 2025-03-10 | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows... |
| CVE-2025-25940 | 2025-03-10 | VisiCut 2.1 allows code execution via Insecure XML Deserialization in... |
| CVE-2025-25977 | 2025-03-10 | An issue in canvg v.4.0.2 allows an attacker to execute... |
| CVE-2025-27910 | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2025-27913 | 2025-03-10 | Passbolt API before 5, if the server is misconfigured (with... |
| CVE-2025-27924 | 2025-03-10 | Nintex Automation 5.6 and 5.7 before 5.8 has a stored... |
| CVE-2025-27925 | 2025-03-10 | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization... |
| CVE-2025-27926 | 2025-03-10 | In Nintex Automation 5.6 and 5.7 before 5.8, the K2... |
| CVE-2024-43107 | 2025-03-10 | Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin... |
| CVE-2024-41724 | 2025-03-10 | Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO... |
| CVE-2025-1926 | 2025-03-10 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Cross-Site Request Forgery (CSRF) To Post Contents Modification |
| CVE-2024-11638 | 2025-03-10 | Gtbabel < 6.6.9 - Unauthenticated Admin Account Takeover |
| CVE-2025-2150 | 2025-03-10 | HGiga C&Cm@il - Stored Cross-Site Scripting |
| CVE-2025-27253 | 2025-03-10 | An improper input validation in GE Vernova UR IED family... |
| CVE-2025-27254 | 2025-03-10 | Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows... |
| CVE-2025-27255 | 2025-03-10 | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR... |
| CVE-2025-27256 | 2025-03-10 | Missing Authentication for Critical Function vulnerability in GE Vernova Enervista... |
| CVE-2025-27257 | 2025-03-10 | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR... |
| CVE-2025-24387 | 2025-03-10 | Missing CSRF protection |
| CVE-2024-13918 | 2025-03-10 | Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page |
| CVE-2024-13919 | 2025-03-10 | Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page |
| CVE-2025-2147 | 2025-03-10 | Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System file access |
| CVE-2025-1944 | 2025-03-10 | picklescan ZIP archive manipulation attack leads to crash |
| CVE-2025-1945 | 2025-03-10 | picklescan - Zip Flag Bit Exploit Crashes Picklescan But Not PyTorch |
| CVE-2025-2148 | 2025-03-10 | PyTorch Tuple torch.ops.profiler._call_end_callbacks_on_jit_fut memory corruption |
| CVE-2025-2149 | 2025-03-10 | PyTorch Quantized Sigmoid Module nnq_Sigmoid initialization |
| CVE-2025-2151 | 2025-03-10 | Open Asset Import Library Assimp File ParsingUtils.h GetNextLine stack-based overflow |
| CVE-2025-2152 | 2025-03-10 | Open Asset Import Library Assimp File BaseImporter.cpp ConvertToUTF8 heap-based overflow |
| CVE-2025-1497 | 2025-03-10 | Remote Code Execution in PlotAI |
| CVE-2025-2153 | 2025-03-10 | HDF5 h5 File H5SM.c H5SM_delete heap-based overflow |
| CVE-2025-26865 | 2025-03-10 | Apache OFBiz: Server-Side Template Injection affecting the ecommerce plugin leading to possible RCE |
| CVE-2024-12604 | 2025-03-10 | Improper Authentication in Tapandsign Technologies' Tap&Sign App |
| CVE-2025-26933 | 2025-03-10 | WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulnerability |
| CVE-2025-26936 | 2025-03-10 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Remote Code Execution (RCE) vulnerability |
| CVE-2025-26910 | 2025-03-10 | WordPress WPBookit plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-26916 | 2025-03-10 | WordPress Massive Dynamic theme <= 8.2 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2024-47109 | 2025-03-10 | IBM Sterling File Gateway information disclosure |
| CVE-2024-52905 | 2025-03-10 | IBM Sterling B2B Integrator information disclosure |
| CVE-2025-24813 | 2025-03-10 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT |
| CVE-2024-52812 | 2025-03-10 | LF Edge eKuiper has Stored XSS in Rules Functionality |
| CVE-2025-1296 | 2025-03-10 | Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs |
| CVE-2025-22603 | 2025-03-10 | AutoGPT SSRF vulnerability |
| CVE-2025-25306 | 2025-03-10 | Misskey's Incomplete Patch of CVE-2024-52591 Leads to Forgery of Federated Notes |
| CVE-2024-56184 | 2025-03-10 | In static long dev_send of tipc_dev_ql, there is a possible... |
| CVE-2024-56185 | 2025-03-10 | In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read... |
| CVE-2024-56186 | 2025-03-10 | In closeChannel of secureelementimpl.cpp, there is a possible out of... |
| CVE-2024-56187 | 2025-03-10 | In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read... |
| CVE-2024-56188 | 2025-03-10 | there is a possible way to crash the modem due... |
| CVE-2025-27136 | 2025-03-10 | LocalS3 CreateBucketConfiguration Endpoint XML External Entity (XXE) Injection |
| CVE-2025-26696 | 2025-03-10 | Certain crafted MIME email messages that claimed to contain an... |
| CVE-2025-26695 | 2025-03-10 | When requesting an OpenPGP key from a WKD server, an... |
| CVE-2025-27615 | 2025-03-10 | umatiGateway's UI publicly accessible in provided docker-compose file |
| CVE-2025-27616 | 2025-03-10 | Vela Server has Insufficient Webhook Payload Data Verification |
| CVE-2024-54473 | 2025-03-10 | This issue was addressed with improved redaction of sensitive information.... |
| CVE-2024-54469 | 2025-03-10 | The issue was addressed with improved checks. This issue is... |
| CVE-2024-44192 | 2025-03-10 | The issue was addressed with improved checks. This issue is... |
| CVE-2024-54560 | 2025-03-10 | A logic issue was addressed with improved checks. This issue... |
| CVE-2024-54463 | 2025-03-10 | This issue was addressed with improved entitlements. This issue is... |
| CVE-2024-54546 | 2025-03-10 | The issue was addressed with improved memory handling. This issue... |
| CVE-2024-44227 | 2025-03-10 | The issue was addressed with improved memory handling. This issue... |
| CVE-2024-44179 | 2025-03-10 | This issue was addressed by restricting options offered on a... |
| CVE-2024-54467 | 2025-03-10 | A cookie management issue was addressed with improved state management.... |
| CVE-2024-54558 | 2025-03-10 | A clickjacking issue was addressed with improved out-of-process view handling.... |
| CVE-2022-43454 | 2025-03-10 | A double free issue was addressed with improved memory management.... |