CVE List - 2025 / March
Showing 3001 - 3100 of 4015 CVEs for March 2025 (Page 31 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-26583 | 2025-03-26 | WordPress Video Share VOD plugin <= 2.7.2 - Reflected Cross-Site Scripting vulnerability |
| CVE-2025-26584 | 2025-03-26 | WordPress TBTestimonials Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27267 | 2025-03-26 | WordPress Random Quotes Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28855 | 2025-03-26 | WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28858 | 2025-03-26 | WordPress Arrow Maps plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28865 | 2025-03-26 | WordPress WP Colorful Tag Cloud plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28869 | 2025-03-26 | WordPress NextGEN Gallery Voting plugin <= 2.7.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28873 | 2025-03-26 | WordPress Shuffle plugin <= 0.5 - SQL Injection vulnerability |
| CVE-2025-28877 | 2025-03-26 | WordPress Key4ce osTicket Bridge plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28880 | 2025-03-26 | WordPress Blue Captcha plugin <= 1.7.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28882 | 2025-03-26 | WordPress Omnify plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28885 | 2025-03-26 | WordPress Fiverr.com Official Search Box plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28889 | 2025-03-26 | WordPress Custom Product Stickers for Woocommerce plugin <= 1.9.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28890 | 2025-03-26 | WordPress Lightview Plus plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28893 | 2025-03-26 | WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-28898 | 2025-03-26 | WordPress WP Multistore Locator plugin <= 2.5.2 - SQL Injection vulnerability |
| CVE-2025-28899 | 2025-03-26 | WordPress WP Event Ticketing plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28903 | 2025-03-26 | WordPress Driving Directions plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28911 | 2025-03-26 | WordPress Gravity 2 PDF plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28916 | 2025-03-26 | WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability |
| CVE-2025-28917 | 2025-03-26 | WordPress Custom Smilies plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28921 | 2025-03-26 | WordPress SpatialMatch IDX plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28924 | 2025-03-26 | WordPress ZenphotoPress plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28928 | 2025-03-26 | WordPress Are you robot google recaptcha for Wordpress plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28934 | 2025-03-26 | WordPress Simple Post Series plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28935 | 2025-03-26 | WordPress Fancybox Plus plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28939 | 2025-03-26 | WordPress WP Google Calendar Manager plugin <= 2.1 - SQL Injection vulnerability |
| CVE-2025-28942 | 2025-03-26 | WordPress Trust Payments Gateway for WooCommerce plugin <= 1.1.4 - SQL Injection vulnerability |
| CVE-2025-30524 | 2025-03-26 | WordPress Product Catalog plugin <= 1.0.4 - SQL Injection vulnerability |
| CVE-2025-27015 | 2025-03-26 | WordPress Hostiko Theme < 30.1 - Local File Inclusion vulnerability |
| CVE-2025-27014 | 2025-03-26 | WordPress Hostiko Theme < 30.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26986 | 2025-03-26 | WordPress Pearl Theme < 3.4.8 - Local File Inclusion vulnerability |
| CVE-2025-26941 | 2025-03-26 | WordPress Church Admin plugin <= 5.0.18 - SQL Injection vulnerability |
| CVE-2025-26929 | 2025-03-26 | WordPress Accounting for WooCommerce plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26923 | 2025-03-26 | WordPress Event post plugin <= 5.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26922 | 2025-03-26 | WordPress AuraMart theme <= 2.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26869 | 2025-03-26 | WordPress Build theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2819 | 2025-03-26 | Unrestricted Fileupload |
| CVE-2025-26747 | 2025-03-26 | WordPress RainbowNews theme <= 1.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2820 | 2025-03-26 | Denial of Service |
| CVE-2025-26739 | 2025-03-26 | WordPress newseqo theme <= 2.1.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27405 | 2025-03-26 | Icinga Web 2 has XSS in embedded content |
| CVE-2025-2098 | 2025-03-26 | Dylib Hijacking in Fast CAD Reader |
| CVE-2025-27406 | 2025-03-26 | Icinga Reporting Stored XSS leads to SSRF |
| CVE-2025-2783 | 2025-03-26 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium... |
| CVE-2025-27609 | 2025-03-26 | Icinga Web 2 Vulnerable to Reflected XSS |
| CVE-2025-30164 | 2025-03-26 | Icinga Web 2 has open redirect on login page |
| CVE-2025-30217 | 2025-03-26 | Frappe has possibility of SQL injection due to improper validations |
| CVE-2025-30225 | 2025-03-26 | Directus's S3 assets become unavailable after a burst of malformed transformations |
| CVE-2025-30350 | 2025-03-26 | Directus's S3 assets become unavailable after a burst of HEAD requests |
| CVE-2025-30351 | 2025-03-26 | Suspended Directus user can continue to use session token to access API |
| CVE-2025-2499 | 2025-03-26 | Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password,... |
| CVE-2025-30352 | 2025-03-26 | Directus `search` query parameter allows enumeration of non permitted fields |
| CVE-2025-2528 | 2025-03-26 | Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators.... |
| CVE-2025-2562 | 2025-03-26 | Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the... |
| CVE-2025-30353 | 2025-03-26 | Directus's webhook trigger flows can leak sensitive data |
| CVE-2025-2600 | 2025-03-26 | Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password... |
| CVE-2025-2787 | 2025-03-26 | Ingress-nginx vulnerability in KNIME Business Hub |
| CVE-2025-2837 | 2025-03-26 | Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-2838 | 2025-03-26 | Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability |
| CVE-2025-30407 | 2025-03-26 | Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713. |
| CVE-2025-20231 | 2025-03-26 | Sensitive Information Disclosure in Splunk Secure Gateway App |
| CVE-2025-20226 | 2025-03-26 | Risky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk Enterprise |
| CVE-2025-20227 | 2025-03-26 | Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio |
| CVE-2025-20228 | 2025-03-26 | Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise |
| CVE-2025-20229 | 2025-03-26 | Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise |
| CVE-2025-20232 | 2025-03-26 | Risky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk Enterprise |
| CVE-2025-20233 | 2025-03-26 | Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing |
| CVE-2025-20230 | 2025-03-26 | Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App |
| CVE-2024-55070 | 2025-03-27 | A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions. |
| CVE-2024-55072 | 2025-03-27 | A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to... |
| CVE-2024-55073 | 2025-03-27 | A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to... |
| CVE-2025-25686 | 2025-03-27 | semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. |
| CVE-2025-26265 | 2025-03-27 | A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response. |
| CVE-2025-28135 | 2025-03-27 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi. |
| CVE-2025-28138 | 2025-03-27 | The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. |
| CVE-2025-29072 | 2025-03-27 | An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU... |
| CVE-2025-29306 | 2025-03-27 | An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. |
| CVE-2025-29483 | 2025-03-27 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDEBUGGER2 function. |
| CVE-2025-29484 | 2025-03-27 | An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion. |
| CVE-2025-29485 | 2025-03-27 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileRETURN function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. |
| CVE-2025-29486 | 2025-03-27 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function. |
| CVE-2025-29487 | 2025-03-27 | An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion. |
| CVE-2025-29488 | 2025-03-27 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function. |
| CVE-2025-29489 | 2025-03-27 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function. |
| CVE-2025-29490 | 2025-03-27 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. |
| CVE-2025-29491 | 2025-03-27 | An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file. |
| CVE-2025-29492 | 2025-03-27 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function. |
| CVE-2025-29493 | 2025-03-27 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETPROPERTY function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. |
| CVE-2025-29494 | 2025-03-27 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. |
| CVE-2025-29496 | 2025-03-27 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file. |
| CVE-2025-29497 | 2025-03-27 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function. |
| CVE-2025-30093 | 2025-03-27 | HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions. |
| CVE-2025-30232 | 2025-03-27 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. |
| CVE-2025-30355 | 2025-03-27 | Synapse vulnerable to federation denial of service via malformed events |
| CVE-2025-2481 | 2025-03-27 | MediaView <= 1.1.2 - Reflected Cross-Site Scripting via id Parameter |
| CVE-2024-45352 | 2025-03-27 | Xiaomi smarthome application Webview has code execution vulnerability |
| CVE-2025-2831 | 2025-03-27 | mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 bookList getBookList sql injection |
| CVE-2025-2832 | 2025-03-27 | mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery |
| CVE-2025-2833 | 2025-03-27 | zhangyd-c OneBlog HTTP Header redos |