CVE List - 2025 / March
Showing 2001 - 2100 of 4018 CVEs for March 2025 (Page 21 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-55551 | 2025-03-19 | An issue was discovered in Exasol JDBC driver before 24.2.1... |
CVE-2024-57061 | 2025-03-19 | An issue in Termius Version 9.9.0 through v.9.16.0 allows a... |
CVE-2025-26816 | 2025-03-19 | A vulnerability in Intrexx Portal Server 12.0.2 and earlier which... |
CVE-2025-29118 | 2025-03-19 | Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow... |
CVE-2025-29137 | 2025-03-19 | Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by... |
CVE-2025-29401 | 2025-03-19 | An arbitrary file upload vulnerability in the component /views/plugin.php of... |
CVE-2025-29405 | 2025-03-19 | An arbitrary file upload vulnerability in the component /admin/template.php of... |
CVE-2025-30092 | 2025-03-19 | Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2... |
CVE-2025-30234 | 2025-03-19 | SmartOS, as used in Triton Data Center and other products,... |
CVE-2025-30235 | 2025-03-19 | Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable... |
CVE-2025-30236 | 2025-03-19 | Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only... |
CVE-2025-30258 | 2025-03-19 | In GnuPG before 2.5.5, if a user chooses to import... |
CVE-2025-30259 | 2025-03-19 | The WhatsApp cloud service before late 2024 did not block... |
CVE-2024-10444 | 2025-03-19 | Improper certificate validation vulnerability in the LDAP utilities in Synology... |
CVE-2024-10441 | 2025-03-19 | Improper encoding or escaping of output vulnerability in the system... |
CVE-2024-10445 | 2025-03-19 | Improper certificate validation vulnerability in the update functionality in Synology... |
CVE-2024-10442 | 2025-03-19 | Off-by-one error vulnerability in the transmission component in Synology Replication... |
CVE-2024-11131 | 2025-03-19 | A vulnerability regarding out-of-bounds read is found in the video... |
CVE-2025-2290 | 2025-03-19 | LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing |
CVE-2024-12295 | 2025-03-19 | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password |
CVE-2024-12922 | 2025-03-19 | Altair <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current |
CVE-2024-50629 | 2025-03-19 | Improper encoding or escaping of output vulnerability in the webapi... |
CVE-2024-50630 | 2025-03-19 | Missing authentication for critical function vulnerability in the webapi component... |
CVE-2024-50631 | 2025-03-19 | Improper neutralization of special elements used in an SQL command... |
CVE-2025-1232 | 2025-03-19 | Site Reviews < 7.2.5 - Unauthenticated Stored XSS |
CVE-2024-13410 | 2025-03-19 | CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler |
CVE-2024-13412 | 2025-03-19 | CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler |
CVE-2024-13790 | 2025-03-19 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion |
CVE-2024-12137 | 2025-03-19 | Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028 |
CVE-2024-12136 | 2025-03-19 | Improper Access Control in Elfatek Elektronics' ANKA JPD-00028 |
CVE-2025-27018 | 2025-03-19 | Apache Airflow MySQL Provider: SQL injection in MySQL provider core function |
CVE-2024-13933 | 2025-03-19 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions |
CVE-2024-13442 | 2025-03-19 | Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover |
CVE-2024-12920 | 2025-03-19 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions |
CVE-2025-2511 | 2025-03-19 | AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter |
CVE-2024-45644 | 2025-03-19 | IBM Security ReaQta file upload |
CVE-2025-2512 | 2025-03-19 | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function |
CVE-2025-1472 | 2025-03-19 | Unauthorized View Access to Site Statistics and Team Statistics |
CVE-2024-42176 | 2025-03-19 | HCL MyXalytics is affected by concurrent login vulnerability |
CVE-2025-26475 | 2025-03-19 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s)... |
CVE-2025-30154 | 2025-03-19 | Multiple Reviewdog actions were compromised during a specific time period |
CVE-2025-23382 | 2025-03-19 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s)... |
CVE-2025-2324 | 2025-03-19 | A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder |
CVE-2025-26485 | 2025-03-19 | The Exposure of Sensitive Information to an Unauthorized Actor vulnerability... |
CVE-2025-1758 | 2025-03-19 | Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer... |
CVE-2025-29770 | 2025-03-19 | vLLM denial of service via outlines unbounded cache on disk |
CVE-2025-29783 | 2025-03-19 | vLLM Allows Remote Code Execution via Mooncake Integration |
CVE-2025-30196 | 2025-03-19 | Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for... |
CVE-2025-30197 | 2025-03-19 | Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask... |
CVE-2025-30144 | 2025-03-19 | Fast-JWT Improperly Validates iss Claims |
CVE-2025-26486 | 2025-03-19 | Use of a Broken or Risky Cryptographic Algorithm, Use of... |
CVE-2025-30152 | 2025-03-19 | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout |
CVE-2025-30153 | 2025-03-19 | Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter |
CVE-2024-53970 | 2025-03-19 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
CVE-2024-53969 | 2025-03-19 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
CVE-2024-53968 | 2025-03-19 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
CVE-2024-53967 | 2025-03-19 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
CVE-2025-0431 | 2025-03-19 | Enterprise Protection Backslash URL Rewrite Bypass |
CVE-2025-29924 | 2025-03-19 | XWiki uses the wrong wiki reference in AuthorizationManager |
CVE-2025-29925 | 2025-03-19 | XWiki allows unregistered users to access private pages information through REST endpoint |
CVE-2025-29926 | 2025-03-19 | The WikiManager REST API allows any user to create wikis |
CVE-2024-25132 | 2025-03-19 | Openshift-dedicated: hive: hibernation controller denial of service |
CVE-2024-51459 | 2025-03-19 | IBM InfoSphere Server Information command execution |
CVE-2024-7631 | 2025-03-19 | Openshift-console: openshift console: path traversal |
CVE-2025-2476 | 2025-03-19 | Use after free in Lens in Google Chrome prior to... |
CVE-2025-2536 | 2025-03-19 | Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128,... |
CVE-2025-27415 | 2025-03-19 | Nuxt allows DOS via cache poisoning with payload rendering response |
CVE-2025-27704 | 2025-03-19 | There is a cross-site scripting vulnerability in the Secure Access... |
CVE-2025-27705 | 2025-03-19 | There is a cross-site scripting vulnerability in the Secure Access... |
CVE-2025-27780 | 2025-03-19 | Applio allows unsafe deserialization in model_information.py |
CVE-2025-27781 | 2025-03-19 | Applio allows unsafe deserialization in inference.py |
CVE-2025-27785 | 2025-03-19 | Applio allows arbitrary file read in train.py export_index function |
CVE-2025-27786 | 2025-03-19 | Applio allows arbitrary file removal in core.py |
CVE-2025-27787 | 2025-03-19 | Applio allows a DoS in restart.py |
CVE-2025-27784 | 2025-03-19 | Applio allows arbitrary file read in train.py export_pth function |
CVE-2025-27783 | 2025-03-19 | Applio allows arbitrary file write in train.py |
CVE-2025-27782 | 2025-03-19 | Applio allows arbitrary file write in inference.py |
CVE-2025-27779 | 2025-03-19 | Applio allows unsafe deserialization in model_blender.py |
CVE-2025-27778 | 2025-03-19 | Applio allows unsafe deserialization in infer.py |
CVE-2025-27777 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
CVE-2025-27776 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
CVE-2025-27775 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
CVE-2025-27774 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
CVE-2024-48590 | 2025-03-20 | Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF)... |
CVE-2024-48591 | 2025-03-20 | Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS).... |
CVE-2024-57440 | 2025-03-20 | D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via... |
CVE-2025-25758 | 2025-03-20 | An issue in KukuFM Android v1.12.7 (11207) allows attackers to... |
CVE-2025-26852 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows... |
CVE-2025-26853 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has... |
CVE-2025-29101 | 2025-03-20 | Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow... |
CVE-2025-29121 | 2025-03-20 | A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability... |
CVE-2025-29149 | 2025-03-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow... |
CVE-2025-29214 | 2025-03-20 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow... |
CVE-2025-29215 | 2025-03-20 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow... |
CVE-2025-29217 | 2025-03-20 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack... |
CVE-2025-29218 | 2025-03-20 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack... |
CVE-2025-29410 | 2025-03-20 | A cross-site scripting (XSS) vulnerability in the component /contact.php of... |
CVE-2025-29411 | 2025-03-20 | An arbitrary file upload vulnerability in the Client Profile Update... |
CVE-2025-29412 | 2025-03-20 | A cross-site scripting (XSS) vulnerability in the Client Profile Update... |
CVE-2025-1314 | 2025-03-20 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function |