CVE List - 2025 / March

Showing 2701 - 2800 of 4018 CVEs for March 2025 (Page 28 of 41)

CVE ID Date Title
CVE-2025-30586 2025-03-24 WordPress cTabs plugin <= 1.3 - CSRF to Stored XSS Vulnerability
CVE-2025-30587 2025-03-24 WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability
CVE-2025-30588 2025-03-24 WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability
CVE-2025-30590 2025-03-24 WordPress Flickr set slideshows <= 0.9 - SQL Injection Vulnerability
CVE-2025-30591 2025-03-24 WordPress Music Press Pro <= 1.4.6 - Broken Access Control Vulnerability
CVE-2025-30592 2025-03-24 WordPress Advanced Dewplayer <= 1.6 - Broken Access Control Vulnerability
CVE-2025-30593 2025-03-24 WordPress Include URL <= 0.3.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30595 2025-03-24 WordPress include-file <= 1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30597 2025-03-24 WordPress IG Shortcodes <= 3.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30598 2025-03-24 WordPress OSS Upload <= 4.8.9 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30599 2025-03-24 WordPress WP Parallax Content Slider plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30600 2025-03-24 WordPress WP Hotjar plugin <= 0.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30601 2025-03-24 WordPress Flipdish Ordering System plugin <= 1.4.16 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-30602 2025-03-24 WordPress Related Posts via Categories plugin <= 2.1.2 - CSRF to Stored XSS vulnerability
CVE-2025-30603 2025-03-24 WordPress CopyLink plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-30604 2025-03-24 WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability
CVE-2025-30605 2025-03-24 WordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerability
CVE-2025-30606 2025-03-24 WordPress Easy Page Transition plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-30608 2025-03-24 WordPress WordPress SQL Backup <= 3.5.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30609 2025-03-24 WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps <= 1.4.3 - Sensitive Data Exposure Vulnerability
CVE-2025-30610 2025-03-24 WordPress WP Social Widget <= 2.2.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-30612 2025-03-24 WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-30615 2025-03-24 WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability
CVE-2025-30617 2025-03-24 WordPress Rewrite <= 0.2.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30619 2025-03-24 WordPress SpeakPipe <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-30620 2025-03-24 WordPress WP Odoo Form Integrator plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
CVE-2025-30621 2025-03-24 WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability
CVE-2025-30623 2025-03-24 WordPress wA11y – The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-1558 2025-03-24 Denial of Service Via Malicious GIF
CVE-2021-26105 2025-03-24 A stack-based buffer overflow vulnerability (CWE-121) in the profile parser...
CVE-2025-0256 2025-03-24 HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
CVE-2021-26091 2025-03-24 A use of a cryptographically weak pseudo-random number generator vulnerability...
CVE-2023-25610 2025-03-24 A buffer underwrite ('buffer underflow') vulnerability in the administrative interface...
CVE-2025-23204 2025-03-24 GraphQl securityAfterResolver not called
CVE-2025-2705 2025-03-24 Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload
CVE-2024-9103 2025-03-24 Persistent XSS in blocked messages
CVE-2025-0255 2025-03-24 HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability
CVE-2025-29778 2025-03-24 Kyverno ignores subjectRegExp and IssuerRegExp
CVE-2025-30205 2025-03-24 kanidm-provision leaks provisioned admin credentials into the system log
CVE-2025-30208 2025-03-24 Vite bypasses server.fs.deny when using `?raw??`
CVE-2025-22223 2025-03-24 Spring Security 6.4.0 - 6.4.3 may not correctly locate method...
CVE-2025-2746 2025-03-24 Kentico Xperience Staging Sync Server digest password authentication bypass
CVE-2025-2747 2025-03-24 Kentico Xperience Staging Sync Server None password type authentication bypass
CVE-2025-2749 2025-03-24 Kentico Xperience Staging media files upload authenticated remote code execution
CVE-2025-2748 2025-03-24 Kentico Xperience stored cross-site scripting in multiple-file upload functionality
CVE-2025-2706 2025-03-24 Digiwin ERP UploadAjaxAPI.ashx unrestricted upload
CVE-2025-30162 2025-03-24 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
CVE-2025-30163 2025-03-24 Node based network policies may incorrectly allow workload traffic
CVE-2025-2707 2025-03-24 zhijiantianya ruoyi-vue-pro Front-End Store Interface upload path traversal
CVE-2025-2708 2025-03-24 zhijiantianya ruoyi-vue-pro Backend File Upload Interface upload path traversal
CVE-2025-2231 2025-03-24 PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2025-2709 2025-03-24 Yonyou UFIDA ERP-NC login.jsp cross site scripting
CVE-2025-2710 2025-03-24 Yonyou UFIDA ERP-NC menu.jsp cross site scripting
CVE-2025-2711 2025-03-24 Yonyou UFIDA ERP-NC systop.jsp cross site scripting
CVE-2025-2712 2025-03-24 Yonyou UFIDA ERP-NC top.jsp cross site scripting
CVE-2025-2714 2025-03-24 JoomlaUX JUX Real Estate addagent cross site scripting
CVE-2025-26512 2025-03-24 CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter
CVE-2025-2715 2025-03-24 timschofield webERP Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php cross site scripting
CVE-2025-2716 2025-03-24 China Mobile P22g-CIac Samba Path path traversal
CVE-2025-1974 2025-03-24 ingress-nginx admission controller RCE escalation
CVE-2025-1097 2025-03-24 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
CVE-2025-1098 2025-03-24 ingress-nginx controller - configuration injection via unsanitized mirror annotations
CVE-2025-24513 2025-03-24 ingress-nginx controller - auth secret file path traversal vulnerability
CVE-2025-24514 2025-03-24 ingress-nginx controller - configuration injection via unsanitized auth-url annotation
CVE-2025-2717 2025-03-24 D-Link DIR-823X HTTP POST Request diag_nslookup sub_41710C os command injection
CVE-2024-42533 2025-03-25 SQL injection vulnerability in the authentication module in Convivance StandVoice...
CVE-2024-44903 2025-03-25 SQL Injection can occur in the SirsiDynix Horizon Information Portal...
CVE-2024-48818 2025-03-25 An issue in IIT Bombay, Mumbai, India Bodhitree of cs101...
CVE-2024-55028 2025-03-25 A template injection vulnerability in the Dashboard of NASA Fprime...
CVE-2024-55029 2025-03-25 NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting...
CVE-2024-55030 2025-03-25 A command injection vulnerability in the Command Dispatcher Service of...
CVE-2025-25371 2025-03-25 NASA cFS (Core Flight System) Aquila is vulnerable to path...
CVE-2025-25372 2025-03-25 NASA cFS (Core Flight System) Aquila is vulnerable to segmentation...
CVE-2025-25373 2025-03-25 The Memory Management Module of NASA cFS (Core Flight System)...
CVE-2025-25374 2025-03-25 In NASA cFS (Core Flight System) Aquila, it is possible...
CVE-2025-27809 2025-03-25 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the...
CVE-2025-27810 2025-03-25 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some...
CVE-2025-27830 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. A...
CVE-2025-27831 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. The...
CVE-2025-27832 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. The...
CVE-2025-27833 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. A...
CVE-2025-27834 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. A...
CVE-2025-27835 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. A...
CVE-2025-27836 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. The...
CVE-2025-27837 2025-03-25 An issue was discovered in Artifex Ghostscript before 10.05.0. Access...
CVE-2025-29635 2025-03-25 A command injection vulnerability in D-Link DIR-823X 240126 and 240802...
CVE-2025-30091 2025-03-25 In Tiny MoxieManager PHP before 4.0.0, remote code execution can...
CVE-2025-30118 2025-03-25 An issue was discovered on the Audi Universal Traffic Recorder...
CVE-2025-30741 2025-03-25 Pixelfed before 0.12.5 allows anyone to follow private accounts and...
CVE-2025-2725 2025-03-25 H3C Magic BE18000 HTTP POST Request auth command injection
CVE-2025-2726 2025-03-25 H3C Magic BE18000 HTTP POST Request esps command injection
CVE-2025-2727 2025-03-25 H3C Magic NX30 Pro HTTP POST Request getNetworkStatus command injection
CVE-2025-2728 2025-03-25 H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection
CVE-2025-2729 2025-03-25 H3C Magic BE18000 HTTP POST Request networkSetup command injection
CVE-2025-2730 2025-03-25 H3C Magic BE18000 HTTP POST Request getssidname command injection
CVE-2025-2731 2025-03-25 H3C Magic BE18000 HTTP POST Request getDualbandSync command injection
CVE-2025-2732 2025-03-25 H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection
CVE-2024-8313 2025-03-25 Default or Guessable SNMP community names in B&R APROL
CVE-2024-8314 2025-03-25 Improper session handling in B&R APROL
CVE-2025-2733 2025-03-25 mannaandpoem OpenManus Prompt python_execute.py os command injection