CVE List - 2025 / March
Showing 1901 - 2000 of 4015 CVEs for March 2025 (Page 20 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-2389 | 2025-03-17 | code-projects Blood Bank Management System add_city.php sql injection |
| CVE-2025-2390 | 2025-03-17 | code-projects Blood Bank Management System add_donor.php sql injection |
| CVE-2024-8510 | 2025-03-17 | N-central Path Traversal |
| CVE-2025-0495 | 2025-03-17 | Secrets leakage to telemetry endpoint via cache backend configuration via buildx |
| CVE-2025-2391 | 2025-03-17 | code-projects Blood Bank Management System Admin Login Page admin_login.php sql injection |
| CVE-2024-54565 | 2025-03-17 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data. |
| CVE-2024-54525 | 2025-03-17 | A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a... |
| CVE-2024-54559 | 2025-03-17 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data. |
| CVE-2025-24185 | 2025-03-17 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. Parsing a maliciously crafted file may... |
| CVE-2024-44276 | 2025-03-17 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position... |
| CVE-2025-2392 | 2025-03-17 | code-projects Online Class and Exam Scheduling System activate.php sql injection |
| CVE-2025-26393 | 2025-03-17 | SolarWinds Service Desk Broken Access Control Vulnerability |
| CVE-2025-2393 | 2025-03-17 | code-projects Online Class and Exam Scheduling System salut_del.php sql injection |
| CVE-2025-2397 | 2025-03-17 | China Mobile P22g-CIac Telnet Service improper authorization |
| CVE-2025-2398 | 2025-03-17 | China Mobile P22g-CIac CLI su Command default credentials |
| CVE-2024-40635 | 2025-03-17 | containerd has an integer overflow in User ID handling |
| CVE-2025-29781 | 2025-03-17 | Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD |
| CVE-2025-29909 | 2025-03-17 | CryptoLib's Crypto_TC_ApplySecurity() Has a Heap Buffer Overflow Vulnerability |
| CVE-2025-2419 | 2025-03-17 | code-projects Real Estate Property Management System InsertFeedback.php sql injection |
| CVE-2025-29910 | 2025-03-17 | CryptoLib's crypto_handle_incrementing_nontransmitted_counter Function has Memory Leak |
| CVE-2025-29911 | 2025-03-17 | CryptoLib Has Heap Buffer Overflow in Crypto_AOS_ProcessSecurity Function |
| CVE-2025-2420 | 2025-03-17 | 猫宁i Morning cross-site request forgery |
| CVE-2023-22512 | 2025-03-17 | This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated... |
| CVE-2025-29912 | 2025-03-17 | CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity |
| CVE-2025-29913 | 2025-03-17 | CryptoLib's Crypto_TC_Prep_AAD Has Buffer Overflow Due to Integer Underflow |
| CVE-2025-2471 | 2025-03-17 | PHPGurukul Boat Booking System boat-details.php sql injection |
| CVE-2025-2472 | 2025-03-17 | PHPGurukul Apartment Visitors Management System Sign In index.php sql injection |
| CVE-2024-44313 | 2025-03-18 | TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks. |
| CVE-2024-44314 | 2025-03-18 | TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which... |
| CVE-2024-57151 | 2025-03-18 | SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function |
| CVE-2024-57169 | 2025-03-18 | A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious... |
| CVE-2024-57170 | 2025-03-18 | SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables... |
| CVE-2025-25500 | 2025-03-18 | An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract... |
| CVE-2025-25580 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. |
| CVE-2025-25582 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml. |
| CVE-2025-25585 | 2025-03-18 | Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. |
| CVE-2025-25586 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. |
| CVE-2025-25589 | 2025-03-18 | An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file. |
| CVE-2025-25590 | 2025-03-18 | yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. |
| CVE-2025-25595 | 2025-03-18 | A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack. |
| CVE-2025-26137 | 2025-03-18 | Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path,... |
| CVE-2025-26138 | 2025-03-18 | Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement the... |
| CVE-2025-30106 | 2025-03-18 | On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's... |
| CVE-2025-30107 | 2025-03-18 | On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized... |
| CVE-2025-30109 | 2025-03-18 | In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker... |
| CVE-2025-30110 | 2025-03-18 | On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass... |
| CVE-2025-30111 | 2025-03-18 | On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to... |
| CVE-2025-30113 | 2025-03-18 | An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded... |
| CVE-2025-30114 | 2025-03-18 | An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address.... |
| CVE-2025-30115 | 2025-03-18 | An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be... |
| CVE-2025-30116 | 2025-03-18 | An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to... |
| CVE-2025-30117 | 2025-03-18 | An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties.... |
| CVE-2025-30122 | 2025-03-18 | An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access... |
| CVE-2025-30123 | 2025-03-18 | An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract... |
| CVE-2025-30132 | 2025-03-18 | An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that... |
| CVE-2025-30137 | 2025-03-18 | An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in the APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide... |
| CVE-2025-30138 | 2025-03-18 | An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users... |
| CVE-2025-30139 | 2025-03-18 | An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This... |
| CVE-2025-30140 | 2025-03-18 | An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an... |
| CVE-2025-30141 | 2025-03-18 | An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092... |
| CVE-2025-30142 | 2025-03-18 | An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing... |
| CVE-2025-2473 | 2025-03-18 | PHPGurukul Company Visitor Management System Sign In index.php sql injection |
| CVE-2025-2262 | 2025-03-18 | Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-24306 | 2025-03-18 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS... |
| CVE-2025-25220 | 2025-03-18 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. If this vulnerability is exploited, an arbitrary OS... |
| CVE-2025-0755 | 2025-03-18 | MongoDB C Driver bson library may be susceptible to buffer overflow |
| CVE-2025-1468 | 2025-03-18 | CODESYS Control V3 - OPC UA Server Authentication bypass |
| CVE-2024-23942 | 2025-03-18 | MB connect line: Configuration File on the client workstation is not encrypted |
| CVE-2024-23943 | 2025-03-18 | MB connect line: Cloud API access due to a lack of authentication for a critical function |
| CVE-2025-0694 | 2025-03-18 | CODESYS Control V3 removable media path traversal |
| CVE-2024-41975 | 2025-03-18 | CODESYS (Edge) Gateway for Windows insecure default |
| CVE-2025-2493 | 2025-03-18 | Path Traversal vulnerability in Softdial Contact Center |
| CVE-2025-2489 | 2025-03-18 | Insecure storage of sensitive information in NTFS Tool |
| CVE-2025-2494 | 2025-03-18 | Unrestricted file upload vulnerability in Softdial Contact Center |
| CVE-2025-2495 | 2025-03-18 | Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center |
| CVE-2025-2450 | 2025-03-18 | NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability |
| CVE-2025-2449 | 2025-03-18 | NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-8997 | 2025-03-18 | SQLi in Vestel's EVC04 Configuration Interface |
| CVE-2024-21760 | 2025-03-18 | An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions... |
| CVE-2023-47539 | 2025-03-18 | An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP... |
| CVE-2025-2490 | 2025-03-18 | Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting |
| CVE-2024-49822 | 2025-03-18 | IBM QRadar Advisor server-side request forgery |
| CVE-2025-2491 | 2025-03-18 | Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting |
| CVE-2025-27688 | 2025-03-18 | Dell ThinOS 2408 and prior contains an improper permissions vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. |
| CVE-2024-56346 | 2025-03-18 | IBM AIX command execution |
| CVE-2024-56347 | 2025-03-18 | IBM AIX command execution |
| CVE-2025-2487 | 2025-03-18 | 389-ds-base: null pointer dereference leads to denial of service |
| CVE-2023-22514 | 2025-03-18 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS... |
| CVE-2025-21619 | 2025-03-18 | GLPI allows SQL injection through the rules configuration |
| CVE-2025-24799 | 2025-03-18 | GLPI allows unauthenticated SQL injection through the inventory endpoint |
| CVE-2025-24801 | 2025-03-18 | GLPI allows authenticated remote code execution |
| CVE-2025-29790 | 2025-03-18 | Contao allows cross-site scripting through SVG uploads |
| CVE-2025-29907 | 2025-03-18 | jsPDF Bypass Regular Expression Denial of Service (ReDoS) |
| CVE-2025-29930 | 2025-03-18 | imFAQ allows local file inclusion in seo.php |
| CVE-2025-25040 | 2025-03-18 | Failure to Properly Enforce Port ACLs on CPU generated packets in CX 9300 Switches |
| CVE-2025-25042 | 2025-03-18 | Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface |
| CVE-2025-27080 | 2025-03-18 | Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface |
| CVE-2024-12563 | 2025-03-18 | s2Member Pro <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode |
| CVE-2024-55009 | 2025-03-19 | A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via... |
| CVE-2024-55551 | 2025-03-19 | An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver... |