CVE List - 2025 / March
Showing 1201 - 1300 of 4015 CVEs for March 2025 (Page 13 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-27397 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where... |
| CVE-2025-27398 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow... |
| CVE-2025-27438 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-27493 | 2025-03-11 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands... |
| CVE-2025-27494 | 2025-03-11 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint... |
| CVE-2025-2189 | 2025-03-11 | Information Disclosure Vulnerability in Tinxy Smart Devices |
| CVE-2025-2191 | 2025-03-11 | Claro A7600-A1 Ping6 Diagnóstico form2pingv6.cgi cross site scripting |
| CVE-2025-2192 | 2025-03-11 | Stoque Zeev.it Login Page server-side request forgery |
| CVE-2025-2193 | 2025-03-11 | MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal |
| CVE-2025-27363 | 2025-03-11 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX... |
| CVE-2025-2194 | 2025-03-11 | MRCMS org.marker.mushroom.controller.FileController list.do list cross site scripting |
| CVE-2025-2195 | 2025-03-11 | MRCMS org.marker.mushroom.controller.FileController rename.do rename cross site scripting |
| CVE-2025-22367 | 2025-03-11 | Mennekes smart/premium charges systems, Command injection in time setting |
| CVE-2025-22368 | 2025-03-11 | Mennekes smart/premium charges systems, Command injection in sCU firmware update |
| CVE-2025-22370 | 2025-03-11 | Mennekes smart/premium charges systems, SQL Injection in web configuration interface |
| CVE-2025-22366 | 2025-03-11 | Mennekes smart/premium charges systems, Command injection in firmware upgrade |
| CVE-2025-22369 | 2025-03-11 | Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint |
| CVE-2025-2196 | 2025-03-11 | MRCMS org.marker.mushroom.controller.FileController upload.do upload cross site scripting |
| CVE-2024-54085 | 2025-03-11 | Redfish Authentication Bypass |
| CVE-2024-54084 | 2025-03-11 | SMM Arbitrary Write via TOCTOU Vulnerability |
| CVE-2025-22454 | 2025-03-11 | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
| CVE-2025-27403 | 2025-03-11 | Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries |
| CVE-2024-55597 | 2025-03-11 | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests. |
| CVE-2023-40723 | 2025-03-11 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0... |
| CVE-2024-45328 | 2025-03-11 | An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu. |
| CVE-2023-42784 | 2025-03-11 | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code... |
| CVE-2024-55592 | 2025-03-11 | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all... |
| CVE-2024-52961 | 2025-03-11 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated... |
| CVE-2023-48790 | 2025-03-11 | A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute... |
| CVE-2024-46663 | 2025-03-11 | A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI... |
| CVE-2024-45324 | 2025-03-11 | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6,... |
| CVE-2024-55590 | 2025-03-11 | Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least... |
| CVE-2024-52960 | 2025-03-11 | A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute... |
| CVE-2023-37933 | 2025-03-11 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform... |
| CVE-2024-54018 | 2025-03-11 | Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. |
| CVE-2024-32123 | 2025-03-11 | Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and... |
| CVE-2024-54026 | 2025-03-11 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and... |
| CVE-2024-33501 | 2025-03-11 | Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2... |
| CVE-2025-27601 | 2025-03-11 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality |
| CVE-2025-27602 | 2025-03-11 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content |
| CVE-2025-27617 | 2025-03-11 | Pimcore Vulnerable to SQL Injection in getRelationFilterCondition |
| CVE-2025-22213 | 2025-03-11 | [20250301] - Core - Malicious file uploads via Media Manager |
| CVE-2025-27172 | 2025-03-11 | Substance3D - Designer | Out-of-bounds Write (CWE-787) |
| CVE-2025-21169 | 2025-03-11 | Substance3D - Designer | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-56338 | 2025-03-11 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2024-9157 | 2025-03-11 | Privilege Escalation Vulnerability in CxUIUSvc service |
| CVE-2025-26634 | 2025-03-11 | Windows Core Messaging Elevation of Privileges Vulnerability |
| CVE-2025-24035 | 2025-03-11 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24044 | 2025-03-11 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24043 | 2025-03-11 | WinDbg Remote Code Execution Vulnerability |
| CVE-2025-24057 | 2025-03-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24070 | 2025-03-11 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-24077 | 2025-03-11 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24078 | 2025-03-11 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24079 | 2025-03-11 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-24080 | 2025-03-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24081 | 2025-03-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24082 | 2025-03-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24083 | 2025-03-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-24986 | 2025-03-11 | Azure Promptflow Remote Code Execution Vulnerability |
| CVE-2025-24987 | 2025-03-11 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24988 | 2025-03-11 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2025-21180 | 2025-03-11 | Windows exFAT File System Remote Code Execution Vulnerability |
| CVE-2025-24995 | 2025-03-11 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24996 | 2025-03-11 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24997 | 2025-03-11 | DirectX Graphics Kernel File Denial of Service Vulnerability |
| CVE-2025-24998 | 2025-03-11 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-25003 | 2025-03-11 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-25008 | 2025-03-11 | Windows Server Elevation of Privilege Vulnerability |
| CVE-2025-21247 | 2025-03-11 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21199 | 2025-03-11 | Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability |
| CVE-2025-24045 | 2025-03-11 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-24046 | 2025-03-11 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24048 | 2025-03-11 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24050 | 2025-03-11 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-24051 | 2025-03-11 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-24054 | 2025-03-11 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-24055 | 2025-03-11 | Windows USB Video Class System Driver Information Disclosure Vulnerability |
| CVE-2025-24056 | 2025-03-11 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-24059 | 2025-03-11 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-24061 | 2025-03-11 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2025-24064 | 2025-03-11 | Windows Domain Name Service Remote Code Execution Vulnerability |
| CVE-2025-24066 | 2025-03-11 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24067 | 2025-03-11 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-24071 | 2025-03-11 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-24072 | 2025-03-11 | Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability |
| CVE-2025-24075 | 2025-03-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-24076 | 2025-03-11 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24084 | 2025-03-11 | Windows Subsystem for Linux (WSL2) Kernel Remote Code Execution Vulnerability |
| CVE-2025-24983 | 2025-03-11 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2025-24984 | 2025-03-11 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24985 | 2025-03-11 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability |
| CVE-2025-24991 | 2025-03-11 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24992 | 2025-03-11 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-24993 | 2025-03-11 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2025-24994 | 2025-03-11 | Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability |
| CVE-2025-24049 | 2025-03-11 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2025-26627 | 2025-03-11 | Azure Arc Installer Elevation of Privilege Vulnerability |
| CVE-2025-26629 | 2025-03-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26630 | 2025-03-11 | Microsoft Access Remote Code Execution Vulnerability |