CVE List - 2025 / March
Showing 2401 - 2500 of 4018 CVEs for March 2025 (Page 25 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-7767 | 2025-03-20 | Improper Access Control in danswer-ai/danswer |
| CVE-2024-12766 | 2025-03-20 | SSRF in parisneo/lollms-webui |
| CVE-2024-12387 | 2025-03-20 | Improper Input Validation in binary-husky/gpt_academic |
| CVE-2024-8556 | 2025-03-20 | Stored XSS in modelscope/agentscope |
| CVE-2024-8769 | 2025-03-20 | Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim |
| CVE-2024-8487 | 2025-03-20 | CORS Vulnerability in modelscope/agentscope |
| CVE-2024-12048 | 2025-03-20 | IDOR Vulnerability in transformeroptimus/superagi |
| CVE-2024-12779 | 2025-03-20 | SSRF in infiniflow/ragflow |
| CVE-2024-10650 | 2025-03-20 | Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-8101 | 2025-03-20 | Stored XSS in aimhubio/aim |
| CVE-2025-0454 | 2025-03-20 | SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt |
| CVE-2025-0508 | 2025-03-20 | MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk |
| CVE-2024-8017 | 2025-03-20 | Cross-site Scripting (XSS) in open-webui/open-webui |
| CVE-2024-12866 | 2025-03-20 | Local File Inclusion in netease-youdao/qanything |
| CVE-2024-8248 | 2025-03-20 | Path Traversal in mintplex-labs/anything-llm |
| CVE-2024-10549 | 2025-03-20 | Denial of Service by ReDOS in h2oai/h2o-3 |
| CVE-2024-12063 | 2025-03-20 | Denial of Service in imartinez/privategpt |
| CVE-2024-8196 | 2025-03-20 | Missing Authentication for Critical Function in mintplex-labs/anything-llm |
| CVE-2024-7764 | 2025-03-20 | SQL Injection in vanna-ai/vanna |
| CVE-2024-6825 | 2025-03-20 | Remote Code Execution in BerriAI/litellm |
| CVE-2024-12392 | 2025-03-20 | Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic |
| CVE-2024-10457 | 2025-03-20 | SSRF Vulnerabilities in significant-gravitas/autogpt |
| CVE-2024-9216 | 2025-03-20 | Authentication Bypass in gaizhenbiao/ChuanhuChatGPT |
| CVE-2025-0184 | 2025-03-20 | Server-Side Request Forgery (SSRF) in langgenius/dify |
| CVE-2024-8613 | 2025-03-20 | Improper Access Control in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-12215 | 2025-03-20 | Remote Code Execution in kedro-org/kedro |
| CVE-2024-10956 | 2025-03-20 | Cross-Site WebSocket Hijacking in binary-husky/gpt_academic |
| CVE-2024-13923 | 2025-03-20 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function |
| CVE-2024-13922 | 2025-03-20 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function |
| CVE-2024-13558 | 2025-03-20 | NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure |
| CVE-2025-2539 | 2025-03-20 | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read |
| CVE-2025-1802 | 2025-03-20 | HT Mega – Absolute Addons For Elementor <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-13921 | 2025-03-20 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter |
| CVE-2024-13920 | 2025-03-20 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function |
| CVE-2025-27888 | 2025-03-20 | Apache Druid: Server-Side Request Forgery and Cross-Site Scripting |
| CVE-2025-2311 | 2025-03-20 | Authentication Bypass in Sechard Information Technologies' SecHard |
| CVE-2025-1496 | 2025-03-20 | Improper Authentication in BG-TEK's Coslat Hotspot |
| CVE-2025-0254 | 2025-03-20 | HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. |
| CVE-2025-2546 | 2025-03-20 | D-Link DIR-618/DIR-605L Firewall Service formAdvFirewall access control |
| CVE-2025-23120 | 2025-03-20 | A vulnerability allowing remote code execution (RCE) for domain users. |
| CVE-2025-2547 | 2025-03-20 | D-Link DIR-618/DIR-605L formAdvNetwork access control |
| CVE-2025-2548 | 2025-03-20 | D-Link DIR-618/DIR-605L formSetDomainFilter access control |
| CVE-2025-2565 | 2025-03-20 | The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126,... |
| CVE-2025-2549 | 2025-03-20 | D-Link DIR-618/DIR-605L formSetPassword access control |
| CVE-2025-2550 | 2025-03-20 | D-Link DIR-618/DIR-605L DDNS Service formSetDDNS access control |
| CVE-2025-2480 | 2025-03-20 | Santesoft Sante DICOM Viewer Pro Out-of-bounds Write |
| CVE-2024-7598 | 2025-03-20 | Network restriction bypass via race condition during namespace termination |
| CVE-2025-2551 | 2025-03-20 | D-Link DIR-618/DIR-605L formSetPortTr access control |
| CVE-2025-2552 | 2025-03-20 | D-Link DIR-618/DIR-605L formTcpipSetup access control |
| CVE-2025-2553 | 2025-03-20 | D-Link DIR-618/DIR-605L formVirtualServ access control |
| CVE-2025-29914 | 2025-03-20 | OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` |
| CVE-2025-29922 | 2025-03-20 | kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace |
| CVE-2025-2555 | 2025-03-20 | Audi Universal Traffic Recorder App FTP Credentials hard-coded password |
| CVE-2025-2556 | 2025-03-20 | Audi UTR Dashcam Video Stream hard-coded credentials |
| CVE-2025-29923 | 2025-03-20 | go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment |
| CVE-2025-30160 | 2025-03-20 | Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form |
| CVE-2025-2557 | 2025-03-20 | Audi UTR Dashcam Command API access control |
| CVE-2025-29980 | 2025-03-20 | Blind SQL Injection vulnerability in eTRAKiT.Net |
| CVE-2025-30334 | 2025-03-20 | OpenBSD wg(4) kernel crash |
| CVE-2025-2538 | 2025-03-20 | BUG-000174336 |
| CVE-2025-2574 | 2025-03-20 | Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking |
| CVE-2024-54551 | 2025-03-20 | The issue was addressed with improved memory handling. This issue... |
| CVE-2024-44199 | 2025-03-20 | An out-of-bounds read was addressed with improved input validation. This... |
| CVE-2024-54564 | 2025-03-20 | This issue was addressed through improved state management. This issue... |
| CVE-2024-44305 | 2025-03-20 | This issue was addressed by removing the vulnerable code. This... |
| CVE-2024-53348 | 2025-03-21 | LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control... |
| CVE-2024-53349 | 2025-03-21 | Insecure permissions in kuadrant v0.11.3 allow attackers to gain access... |
| CVE-2024-53350 | 2025-03-21 | Insecure permissions in kubeslice v1.3.1 allow attackers to gain access... |
| CVE-2024-53351 | 2025-03-21 | Insecure permissions in pipecd v0.49 allow attackers to gain access... |
| CVE-2024-57490 | 2025-03-21 | Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login... |
| CVE-2025-29223 | 2025-03-21 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection... |
| CVE-2025-29226 | 2025-03-21 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command... |
| CVE-2025-29227 | 2025-03-21 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command... |
| CVE-2025-29230 | 2025-03-21 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection... |
| CVE-2025-29640 | 2025-03-21 | Phpgurukul Human Metapneumovirus (HMPV) – Testing Management System v1.0 is... |
| CVE-2025-29641 | 2025-03-21 | Phpgurukul Vehicle Record Management System v1.0 is vulnerable to SQL... |
| CVE-2025-30342 | 2025-03-21 | An XSS issue was discovered in OpenSlides before 4.2.5. When... |
| CVE-2025-30343 | 2025-03-21 | A directory traversal issue was discovered in OpenSlides before 4.2.5.... |
| CVE-2025-30344 | 2025-03-21 | An issue was discovered in OpenSlides before 4.2.5. During login... |
| CVE-2025-30345 | 2025-03-21 | An issue was discovered in OpenSlides before 4.2.5. When creating... |
| CVE-2025-30346 | 2025-03-21 | Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow... |
| CVE-2025-30347 | 2025-03-21 | Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive... |
| CVE-2025-30348 | 2025-03-21 | encodeText in QDom in Qt before 6.8.0 has a complex... |
| CVE-2025-30349 | 2025-03-21 | Horde IMP through 6.2.27, as used with Horde Application Framework... |
| CVE-2023-28207 | 2025-03-21 | The issue was addressed with improved checks. This issue is... |
| CVE-2025-29807 | 2025-03-21 | Microsoft Dataverse Remote Code Execution Vulnerability |
| CVE-2025-29814 | 2025-03-21 | Microsoft Partner Center Elevation of Privilege Vulnerability |
| CVE-2025-2585 | 2025-03-21 | EBM Technologies EBM Maintenance Center - SQL injection |
| CVE-2025-26336 | 2025-03-21 | Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s)... |
| CVE-2025-2581 | 2025-03-21 | xmedcon DICOM File malloc integer underflow |
| CVE-2024-50053 | 2025-03-21 | Stored XSS |
| CVE-2025-2582 | 2025-03-21 | SimpleMachines SMF ManageAttachments.php cross site scripting |
| CVE-2025-2583 | 2025-03-21 | SimpleMachines SMF ManageNews.php cross site scripting |
| CVE-2024-13903 | 2025-03-21 | quickjs-ng QuickJS qjs quickjs.c JS_GetRuntime stack-based overflow |
| CVE-2025-2584 | 2025-03-21 | WebAssembly wabt binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow |
| CVE-2025-27715 | 2025-03-21 | Auto-Enrollment of Team Admins into Private Channels without explicit consent |
| CVE-2025-27933 | 2025-03-21 | Unauthorized Private-to-Public Channel Conversion |
| CVE-2025-25274 | 2025-03-21 | Unauthorized Command Execution in Archived Channels |
| CVE-2025-30179 | 2025-03-21 | MFA Enforcement Bypass in Search APIs |
| CVE-2025-24920 | 2025-03-21 | Unauthorized Bookmark Creation and Modification in Archived Channels |