CVE List - 2025 / March
Showing 1601 - 1700 of 4015 CVEs for March 2025 (Page 17 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-2280 | 2025-03-13 | Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. |
| CVE-2025-2263 | 2025-03-13 | Santesoft Sante PACS Server Stack-based Buffer Overflow |
| CVE-2025-2264 | 2025-03-13 | Santesoft Sante PACS Server Path Traversal Information Disclosure |
| CVE-2025-2265 | 2025-03-13 | Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation |
| CVE-2025-2284 | 2025-03-13 | Santesoft Sante PACS Server Access of Uninitialized Pointer DoS |
| CVE-2025-24974 | 2025-03-13 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2024-9042 | 2025-03-13 | This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. |
| CVE-2025-1767 | 2025-03-13 | This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has... |
| CVE-2025-27103 | 2025-03-13 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2025-1427 | 2025-03-13 | CATPRODUCT File Parsing Uninitialized Variable Vulnerability |
| CVE-2025-1428 | 2025-03-13 | CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-1429 | 2025-03-13 | MODEL File Parsing Heap-Based Buffer Overflow Vulnerability |
| CVE-2025-1430 | 2025-03-13 | SLDPRT File Parsing Memory Corruption Vulnerability |
| CVE-2025-1431 | 2025-03-13 | SLDPRT File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-1432 | 2025-03-13 | 3DM File Parsing Use-After-Free Vulnerability |
| CVE-2025-27138 | 2025-03-13 | DataEase has an improper authentication vulnerability |
| CVE-2025-1433 | 2025-03-13 | MODEL File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-1649 | 2025-03-13 | CATPRODUCT File Parsing Uninitialized Variable Vulnerability |
| CVE-2025-1650 | 2025-03-13 | CATPRODUCT File Parsing Uninitialized Variable Vulnerability |
| CVE-2025-1651 | 2025-03-13 | MODEL File Parsing Heap-Based Buffer Overflow Vulnerability |
| CVE-2025-1652 | 2025-03-13 | MODEL File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-27107 | 2025-03-13 | Integrated Scripting vulnerable to arbitrary code execution via Java reflection |
| CVE-2025-2079 | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON... |
| CVE-2025-2080 | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and... |
| CVE-2025-2081 | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients. |
| CVE-2025-29768 | 2025-03-13 | Vim vulnerable to potential data loss with zip.vim and special crafted zip files |
| CVE-2025-29773 | 2025-03-13 | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover |
| CVE-2025-24053 | 2025-03-13 | Microsoft Dataverse Elevation of Privilege Vulnerability |
| CVE-2024-30143 | 2025-03-13 | A path traversal vulnerability in HCL AppScan Traffic Recorder |
| CVE-2025-2230 | 2025-03-13 | Philips Intellispace Cardiovascular (ISCV) Improper Authentication |
| CVE-2025-2229 | 2025-03-13 | Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials |
| CVE-2025-27496 | 2025-03-13 | Snowflake JDBC Driver client-side encryption key in DEBUG logs |
| CVE-2024-29409 | 2025-03-14 | File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. |
| CVE-2024-55549 | 2025-03-14 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. |
| CVE-2025-24855 | 2025-03-14 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs,... |
| CVE-2025-25871 | 2025-03-14 | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function |
| CVE-2025-25872 | 2025-03-14 | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function |
| CVE-2025-25873 | 2025-03-14 | Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function |
| CVE-2025-26163 | 2025-03-14 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter. |
| CVE-2025-26312 | 2025-03-14 | SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter. |
| CVE-2025-29029 | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. |
| CVE-2025-29030 | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. |
| CVE-2025-29031 | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. |
| CVE-2025-29032 | 2025-03-14 | Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function. |
| CVE-2025-29384 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. |
| CVE-2025-29385 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. |
| CVE-2025-29386 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. |
| CVE-2025-29387 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. |
| CVE-2025-30022 | 2025-03-14 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter. |
| CVE-2024-11285 | 2025-03-14 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover |
| CVE-2025-1285 | 2025-03-14 | Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update |
| CVE-2025-1528 | 2025-03-14 | Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure |
| CVE-2024-11284 | 2025-03-14 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover |
| CVE-2025-2166 | 2025-03-14 | CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scripting |
| CVE-2024-11286 | 2025-03-14 | WP JobHunt <= 7.1 - Authentication Bypass |
| CVE-2024-11283 | 2025-03-14 | WP JobHunt <= 7.1 - Authentication Bypass to Candidate |
| CVE-2025-0955 | 2025-03-14 | VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import |
| CVE-2025-2056 | 2025-03-14 | WP Ghost <= 5.4.01 - Unauthenticated Limited File Read |
| CVE-2025-1764 | 2025-03-14 | LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2025-2289 | 2025-03-14 | Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates |
| CVE-2025-0952 | 2025-03-14 | Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-13376 | 2025-03-14 | Industrial <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-2103 | 2025-03-14 | SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-13913 | 2025-03-14 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion |
| CVE-2025-2221 | 2025-03-14 | WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection |
| CVE-2024-13824 | 2025-03-14 | CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection |
| CVE-2025-1526 | 2025-03-14 | DethemeKit for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13321 | 2025-03-14 | AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection |
| CVE-2024-13407 | 2025-03-14 | Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-8176 | 2025-03-14 | Libexpat: expat: improper restriction of xml entity expansion depth in libexpat |
| CVE-2025-1507 | 2025-03-14 | ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation |
| CVE-2024-26006 | 2025-03-14 | An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and... |
| CVE-2024-12810 | 2025-03-14 | JobCareer | Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrative Actions |
| CVE-2024-13771 | 2025-03-14 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update |
| CVE-2025-2232 | 2025-03-14 | Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user' |
| CVE-2024-13772 | 2025-03-14 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass |
| CVE-2024-13773 | 2025-03-14 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure |
| CVE-2025-2304 | 2025-03-14 | Camaleon CMS Privilege Escalation |
| CVE-2025-27593 | 2025-03-14 | RCE due to Device Driver |
| CVE-2025-26626 | 2025-03-14 | GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting |
| CVE-2025-27594 | 2025-03-14 | Unencrypted transmission of password hash |
| CVE-2025-27595 | 2025-03-14 | Weak hashing alghrythm |
| CVE-2025-2000 | 2025-03-14 | Qiskit SDK code execution |
| CVE-2025-29776 | 2025-03-14 | Azle calling `setTimer` causes infinite loop of timers |
| CVE-2025-2268 | 2025-03-14 | HP LaserJet MFP M232-M237 Printer Series - Potential Denial of Service |
| CVE-2023-52927 | 2025-03-14 | netfilter: allow exp not to be removed in nf_ct_find_expectation |
| CVE-2024-45643 | 2025-03-14 | IBM QRadar EDR information disclosure |
| CVE-2024-45638 | 2025-03-14 | IBM QRadar EDR information disclosure |
| CVE-2024-40590 | 2025-03-14 | An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer... |
| CVE-2024-46662 | 2025-03-14 | A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of... |
| CVE-2024-47573 | 2025-03-14 | An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an... |
| CVE-2022-29059 | 2025-03-14 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below... |
| CVE-2024-40585 | 2025-03-14 | An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below... |
| CVE-2023-45588 | 2025-03-14 | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code... |
| CVE-2023-33300 | 2025-03-14 | A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically... |
| CVE-2023-48785 | 2025-03-14 | An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between... |
| CVE-2025-1888 | 2025-03-14 | Reflected Cross Site Scripting in Aperio Eslide Manager |
| CVE-2024-55594 | 2025-03-14 | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code... |
| CVE-2025-27606 | 2025-03-14 | Element Android PIN autologout bypass |
| CVE-2025-29774 | 2025-03-14 | xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References |