CVE List - 2025 / March
Showing 2101 - 2200 of 4018 CVEs for March 2025 (Page 22 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1770 | 2025-03-20 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-1766 | 2025-03-20 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update |
| CVE-2025-22228 | 2025-03-20 | CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length |
| CVE-2024-13875 | 2025-03-20 | WP Programmmanager <= 1.2 - Reflected XSS |
| CVE-2024-13876 | 2025-03-20 | Meintopf <= 0.2.1 - Reflected XSS |
| CVE-2024-13877 | 2025-03-20 | Passbeemedia Web Push Notifications <= 1.0.0 - Reflected XSS |
| CVE-2024-13878 | 2025-03-20 | SpotBot <= 0.1.8 - Reflected XSS |
| CVE-2024-13880 | 2025-03-20 | My Quota <= 1.0.8 - Reflected XSS |
| CVE-2024-13881 | 2025-03-20 | LinkMyPosts <= 1.0 - Reflected XSS |
| CVE-2025-2108 | 2025-03-20 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget |
| CVE-2025-1385 | 2025-03-20 | Fail input validation in clickhouse-library-bridge API could lead to RCE under specific configuration |
| CVE-2024-12016 | 2025-03-20 | SQLi in CM Informatics' CM News |
| CVE-2025-2505 | 2025-03-20 | Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang' |
| CVE-2024-47552 | 2025-03-20 | Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server |
| CVE-2024-54016 | 2025-03-20 | compression bomb attack in Apache Seata Server |
| CVE-2024-8501 | 2025-03-20 | Arbitrary File Download in modelscope/agentscope |
| CVE-2024-12029 | 2025-03-20 | Remote Code Execution via Model Deserialization in invoke-ai/invokeai |
| CVE-2024-13060 | 2025-03-20 | Improper Authorization in mintplex-labs/anything-llm |
| CVE-2024-7765 | 2025-03-20 | Denial of Service in h2oai/h2o-3 |
| CVE-2024-11441 | 2025-03-20 | Stored XSS in Serge in serge-chat/serge |
| CVE-2025-1796 | 2025-03-20 | Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify |
| CVE-2024-10713 | 2025-03-20 | Denial of Service (DoS) via Multipart Request in szad670401/hyperlpr |
| CVE-2024-9095 | 2025-03-20 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-12055 | 2025-03-20 | DoS using malicious gguf model file in ollama/ollama |
| CVE-2025-0190 | 2025-03-20 | Denial of Service in aimhubio/aim |
| CVE-2024-10273 | 2025-03-20 | Improper Privilege Management in lunary-ai/lunary |
| CVE-2024-10940 | 2025-03-20 | Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain |
| CVE-2024-8251 | 2025-03-20 | Prisma Injection in mintplex-labs/anything-llm |
| CVE-2024-8019 | 2025-03-20 | Arbitrary File Write/Overwrite in lightning-ai/pytorch-lightning |
| CVE-2024-7771 | 2025-03-20 | Denial of Service in mintplex-labs/anything-llm |
| CVE-2024-12374 | 2025-03-20 | Stored XSS in automatic1111/stable-diffusion-webui |
| CVE-2024-11302 | 2025-03-20 | Missing check_access in lollms_binding_infos in parisneo/lollms |
| CVE-2024-9340 | 2025-03-20 | Denial of Service (DoS) via Multipart Boundary in zenml-io/zenml |
| CVE-2024-8999 | 2025-03-20 | Improper Access Control in lunary-ai/lunary |
| CVE-2025-0452 | 2025-03-20 | Arbitrary File Deletion in eosphoros-ai/DB-GPT |
| CVE-2024-11042 | 2025-03-20 | Arbitrary File Delete in invoke-ai/invokeai |
| CVE-2024-7779 | 2025-03-20 | ReDoS (Regular Expression Denial of Service) in danswer-ai/danswer |
| CVE-2024-11449 | 2025-03-20 | Server-Side Request Forgery in haotian-liu/llava |
| CVE-2024-10225 | 2025-03-20 | Denial of Service in haotian-liu/llava |
| CVE-2024-12761 | 2025-03-20 | Denial of Service in brycedrennan/imaginairy |
| CVE-2024-7990 | 2025-03-20 | Stored Cross-Site Scripting in open-webui/open-webui |
| CVE-2024-8763 | 2025-03-20 | Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary |
| CVE-2024-11037 | 2025-03-20 | Path Traversal in binary-husky/gpt_academic |
| CVE-2024-12068 | 2025-03-20 | Server-Side Request Forgery in haotian-liu/llava |
| CVE-2024-11821 | 2025-03-20 | Privilege Escalation in langgenius/dify |
| CVE-2024-11170 | 2025-03-20 | Path Traversal in danny-avila/librechat |
| CVE-2024-7959 | 2025-03-20 | SSRF in open-webui/open-webui |
| CVE-2024-11137 | 2025-03-20 | IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint in lunary-ai/lunary |
| CVE-2024-7819 | 2025-03-20 | CORS Misconfiguration in danswer-ai/danswer |
| CVE-2024-10481 | 2025-03-20 | Cross-Site Request Forgery (CSRF) in comfyanonymous/comfyui |
| CVE-2024-7760 | 2025-03-20 | CSRF in aimhubio/aim |
| CVE-2024-10553 | 2025-03-20 | Jdbc Deserialization in h2oai/h2o-3 |
| CVE-2024-10274 | 2025-03-20 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-9415 | 2025-03-20 | Path Traversal in transformeroptimus/superagi |
| CVE-2024-12704 | 2025-03-20 | Denial of Service (DoS) in run-llama/llama_index |
| CVE-2024-2292 | 2025-03-20 | Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data |
| CVE-2024-10831 | 2025-03-20 | Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt |
| CVE-2024-11824 | 2025-03-20 | Stored XSS in langgenius/dify |
| CVE-2025-0188 | 2025-03-20 | SSRF in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-10361 | 2025-03-20 | Arbitrary File Deletion via Path Traversal in danny-avila/librechat |
| CVE-2024-12537 | 2025-03-20 | Unauthenticated Denial of Service in open-webui/open-webui |
| CVE-2024-6838 | 2025-03-20 | Uncontrolled Resource Consumption in mlflow/mlflow |
| CVE-2025-0185 | 2025-03-20 | Pandas Query Injection in langgenius/dify |
| CVE-2024-12910 | 2025-03-20 | Denial of Service in run-llama/llama_index |
| CVE-2024-8156 | 2025-03-20 | Command Injection in significant-gravitas/autogpt |
| CVE-2024-9900 | 2025-03-20 | Cross-Site Scripting (XSS) in mudler/localai |
| CVE-2024-11822 | 2025-03-20 | Server-Side Request Forgery (SSRF) in langgenius/dify |
| CVE-2024-10275 | 2025-03-20 | Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary |
| CVE-2024-10725 | 2025-03-20 | Stored Cross-site Scripting (XSS) in phpipam/phpipam |
| CVE-2024-11031 | 2025-03-20 | SSRF in binary-husky/gpt_academic |
| CVE-2024-12580 | 2025-03-20 | Logs Debug Injection in danny-avila/librechat |
| CVE-2024-10821 | 2025-03-20 | Denial of Service (DoS) in invoke-ai/invokeai |
| CVE-2024-10902 | 2025-03-20 | Arbitrary File Upload with Path Traversal in eosphoros-ai/db-gpt |
| CVE-2024-8984 | 2025-03-20 | Denial of Service (DoS) in berriai/litellm |
| CVE-2024-9847 | 2025-03-20 | Cross-Site Request Forgery (CSRF) in flatpressblog/flatpress |
| CVE-2024-9363 | 2025-03-20 | Unauthorized File Deletion in polyaxon/polyaxon |
| CVE-2024-12909 | 2025-03-20 | SQL Injection to RCE in run-llama/llama_index |
| CVE-2024-9418 | 2025-03-20 | Insufficiently Protected Credentials in transformeroptimus/superagi |
| CVE-2024-8029 | 2025-03-20 | Stored XSS in imartinez/privategpt |
| CVE-2024-10110 | 2025-03-20 | Denial of Service in aimhubio/aim |
| CVE-2024-12775 | 2025-03-20 | SSRF in langgenius/dify |
| CVE-2024-10723 | 2025-03-20 | Stored XSS in phpipam/phpipam |
| CVE-2024-9606 | 2025-03-20 | Improper Output Neutralization for Logs in berriai/litellm |
| CVE-2024-10812 | 2025-03-20 | Open Redirect in binary-husky/gpt_academic |
| CVE-2024-8581 | 2025-03-20 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-9000 | 2025-03-20 | Improper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunary |
| CVE-2024-8489 | 2025-03-20 | CSRF due to overly permissive CORS headers in modelscope/agentscope |
| CVE-2024-8020 | 2025-03-20 | Denial of Service in lightning-ai/pytorch-lightning |
| CVE-2024-10109 | 2025-03-20 | Incorrect Authorization in mintplex-labs/anything-llm |
| CVE-2024-8955 | 2025-03-20 | SSRF in composiohq/composio |
| CVE-2024-10572 | 2025-03-20 | Denial of Service and Arbitrary File Write in h2oai/h2o-3 |
| CVE-2024-12216 | 2025-03-20 | Arbitrary File Write via TarSlip in dmlc/gluon-cv |
| CVE-2024-10724 | 2025-03-20 | Stored XSS in IPV6 Section in phpipam/phpipam |
| CVE-2024-11044 | 2025-03-20 | Open Redirect in automatic1111/stable-diffusion-webui |
| CVE-2024-10835 | 2025-03-20 | Arbitrary File Write via SQL Injection in eosphoros-ai/db-gpt |
| CVE-2024-9597 | 2025-03-20 | Path Traversal in parisneo/lollms |
| CVE-2024-12039 | 2025-03-20 | Improper Restriction of Excessive Authentication Attempts in langgenius/dify |
| CVE-2024-9053 | 2025-03-20 | Remote Code Execution in vllm-project/vllm |
| CVE-2025-0330 | 2025-03-20 | Exposure of Sensitive Information in berriai/litellm |
| CVE-2024-10762 | 2025-03-20 | Missing Authorization in lunary-ai/lunary |