CVE List - 2025 / March
Showing 1601 - 1700 of 4018 CVEs for March 2025 (Page 17 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-2278 | 2025-03-13 | Improper access control in temporary access requests and checkout requests... |
| CVE-2025-2280 | 2025-03-13 | Improper access control in web extension restriction feature in Devolutions... |
| CVE-2025-2263 | 2025-03-13 | Santesoft Sante PACS Server Stack-based Buffer Overflow |
| CVE-2025-2264 | 2025-03-13 | Santesoft Sante PACS Server Path Traversal Information Disclosure |
| CVE-2025-2265 | 2025-03-13 | Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation |
| CVE-2025-2284 | 2025-03-13 | Santesoft Sante PACS Server Access of Uninitialized Pointer DoS |
| CVE-2025-24974 | 2025-03-13 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2024-9042 | 2025-03-13 | This CVE affects only Windows worker nodes. Your worker node... |
| CVE-2025-1767 | 2025-03-13 | This CVE only affects Kubernetes clusters that utilize the in-tree... |
| CVE-2025-27103 | 2025-03-13 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2025-1427 | 2025-03-13 | CATPRODUCT File Parsing Uninitialized Variable Vulnerability |
| CVE-2025-1428 | 2025-03-13 | CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-1429 | 2025-03-13 | MODEL File Parsing Heap-Based Buffer Overflow Vulnerability |
| CVE-2025-1430 | 2025-03-13 | SLDPRT File Parsing Memory Corruption Vulnerability |
| CVE-2025-1431 | 2025-03-13 | SLDPRT File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-1432 | 2025-03-13 | 3DM File Parsing Use-After-Free Vulnerability |
| CVE-2025-27138 | 2025-03-13 | DataEase has an improper authentication vulnerability |
| CVE-2025-1433 | 2025-03-13 | MODEL File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-1649 | 2025-03-13 | CATPRODUCT File Parsing Uninitialized Variable Vulnerability |
| CVE-2025-1650 | 2025-03-13 | CATPRODUCT File Parsing Uninitialized Variable Vulnerability |
| CVE-2025-1651 | 2025-03-13 | MODEL File Parsing Heap-Based Buffer Overflow Vulnerability |
| CVE-2025-1652 | 2025-03-13 | MODEL File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-27107 | 2025-03-13 | Integrated Scripting vulnerable to arbitrary code execution via Java reflection |
| CVE-2025-2079 | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks... |
| CVE-2025-2080 | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks... |
| CVE-2025-2081 | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks... |
| CVE-2025-29768 | 2025-03-13 | Vim vulnerable to potential data loss with zip.vim and special crafted zip files |
| CVE-2025-29773 | 2025-03-13 | Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover |
| CVE-2025-24053 | 2025-03-13 | Microsoft Dataverse Elevation of Privilege Vulnerability |
| CVE-2024-30143 | 2025-03-13 | A path traversal vulnerability in HCL AppScan Traffic Recorder |
| CVE-2025-2230 | 2025-03-13 | Philips Intellispace Cardiovascular (ISCV) Improper Authentication |
| CVE-2025-2229 | 2025-03-13 | Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials |
| CVE-2025-27496 | 2025-03-13 | Snowflake JDBC Driver client-side encryption key in DEBUG logs |
| CVE-2024-29409 | 2025-03-14 | File Upload vulnerability in nestjs nest v.10.3.2 allows a remote... |
| CVE-2024-55549 | 2025-03-14 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related... |
| CVE-2025-24855 | 2025-03-14 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in... |
| CVE-2025-25871 | 2025-03-14 | An issue in Open Panel v.0.3.4 allows a remote attacker... |
| CVE-2025-25872 | 2025-03-14 | An issue in Open Panel v.0.3.4 allows a remote attacker... |
| CVE-2025-25873 | 2025-03-14 | Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4... |
| CVE-2025-26163 | 2025-03-14 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to... |
| CVE-2025-26312 | 2025-03-14 | SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass... |
| CVE-2025-29029 | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow... |
| CVE-2025-29030 | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow... |
| CVE-2025-29031 | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow... |
| CVE-2025-29032 | 2025-03-14 | Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow... |
| CVE-2025-29384 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan... |
| CVE-2025-29385 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan... |
| CVE-2025-29386 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan... |
| CVE-2025-29387 | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan... |
| CVE-2025-30022 | 2025-03-14 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to... |
| CVE-2024-11285 | 2025-03-14 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover |
| CVE-2025-1285 | 2025-03-14 | Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings Update |
| CVE-2025-1528 | 2025-03-14 | Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure |
| CVE-2024-11284 | 2025-03-14 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover |
| CVE-2025-2166 | 2025-03-14 | CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scripting |
| CVE-2024-11286 | 2025-03-14 | WP JobHunt <= 7.1 - Authentication Bypass |
| CVE-2024-11283 | 2025-03-14 | WP JobHunt <= 7.1 - Authentication Bypass to Candidate |
| CVE-2025-0955 | 2025-03-14 | VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import |
| CVE-2025-2056 | 2025-03-14 | WP Ghost <= 5.4.01 - Unauthenticated Limited File Read |
| CVE-2025-1764 | 2025-03-14 | LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2025-2289 | 2025-03-14 | Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates |
| CVE-2025-0952 | 2025-03-14 | Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-13376 | 2025-03-14 | Industrial <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-2103 | 2025-03-14 | SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-13913 | 2025-03-14 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion |
| CVE-2025-2221 | 2025-03-14 | WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection |
| CVE-2024-13824 | 2025-03-14 | CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection |
| CVE-2025-1526 | 2025-03-14 | DethemeKit for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13321 | 2025-03-14 | AnalyticsWP <= 2.0.0 - Unauthenticated SQL Injection |
| CVE-2024-13407 | 2025-03-14 | Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-8176 | 2025-03-14 | Libexpat: expat: improper restriction of xml entity expansion depth in libexpat |
| CVE-2025-1507 | 2025-03-14 | ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation |
| CVE-2024-26006 | 2025-03-14 | An improper neutralization of input during web page Generation vulnerability... |
| CVE-2024-12810 | 2025-03-14 | JobCareer | Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrative Actions |
| CVE-2024-13771 | 2025-03-14 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Password Update |
| CVE-2025-2232 | 2025-03-14 | Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user' |
| CVE-2024-13772 | 2025-03-14 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Authentication Bypass via Non-Randomized Password for SSO Accounts |
| CVE-2024-13773 | 2025-03-14 | Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure |
| CVE-2025-2304 | 2025-03-14 | Camaleon CMS Privilege Escalation |
| CVE-2025-27593 | 2025-03-14 | RCE due to Device Driver |
| CVE-2025-26626 | 2025-03-14 | GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting |
| CVE-2025-27594 | 2025-03-14 | Unencrypted transmission of password hash |
| CVE-2025-27595 | 2025-03-14 | Weak hashing alghrythm |
| CVE-2025-2000 | 2025-03-14 | Qiskit SDK code execution |
| CVE-2025-29776 | 2025-03-14 | Azle calling `setTimer` causes infinite loop of timers |
| CVE-2025-2268 | 2025-03-14 | HP LaserJet MFP M232-M237 Printer Series - Potential Denial of Service |
| CVE-2023-52927 | 2025-03-14 | netfilter: allow exp not to be removed in nf_ct_find_expectation |
| CVE-2024-45643 | 2025-03-14 | IBM QRadar EDR information disclosure |
| CVE-2024-45638 | 2025-03-14 | IBM QRadar EDR information disclosure |
| CVE-2024-40590 | 2025-03-14 | An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0,... |
| CVE-2024-46662 | 2025-03-14 | A improper neutralization of special elements used in a command... |
| CVE-2024-47573 | 2025-03-14 | An improper validation of integrity check value vulnerability [CWE-354] in... |
| CVE-2022-29059 | 2025-03-14 | An improper neutralization of special elements used in an SQL... |
| CVE-2024-40585 | 2025-03-14 | An insertion of sensitive information into log file vulnerabilities [CWE-532]... |
| CVE-2023-45588 | 2025-03-14 | An external control of file name or path vulnerability [CWE-73]... |
| CVE-2023-33300 | 2025-03-14 | A improper neutralization of special elements used in a command... |
| CVE-2023-48785 | 2025-03-14 | An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4... |
| CVE-2025-1888 | 2025-03-14 | Reflected Cross Site Scripting in Aperio Eslide Manager |
| CVE-2024-55594 | 2025-03-14 | An improper handling of syntactically invalid structure in Fortinet FortiWeb... |
| CVE-2025-27606 | 2025-03-14 | Element Android PIN autologout bypass |