CVE List - 2025 / March
Showing 3301 - 3400 of 4018 CVEs for March 2025 (Page 34 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-22649 | 2025-03-27 | WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-48944 | 2025-03-27 | Apache Kylin: SSRF vulnerability in the diagnosis api |
| CVE-2025-31176 | 2025-03-27 | Gnuplot: gnuplot segmentation fault on plot3d_points |
| CVE-2025-22648 | 2025-03-27 | WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30067 | 2025-03-27 | Apache Kylin: The remote code execution via jdbc url |
| CVE-2025-31178 | 2025-03-27 | Gnuplot: gnuplot segmentation fault on getannotatestring |
| CVE-2025-22647 | 2025-03-27 | WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-22646 | 2025-03-27 | WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31179 | 2025-03-27 | Gnuplot: gnuplot segmentation fault on xstrftime |
| CVE-2025-31180 | 2025-03-27 | Gnuplot: gnuplot segmentation fault on canvas_text |
| CVE-2025-31181 | 2025-03-27 | Gnuplot: gnuplot segmentation fault on x11_graphics |
| CVE-2025-22644 | 2025-03-27 | WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22640 | 2025-03-27 | WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22638 | 2025-03-27 | WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22637 | 2025-03-27 | WordPress Print PDF Generator and Publisher Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22634 | 2025-03-27 | WordPress Easy Booked Plugin <= 2.4.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22629 | 2025-03-27 | WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-22628 | 2025-03-27 | WordPress Filled In Plugin <= 1.9.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-2855 | 2025-03-27 | elunez eladmin upload checkFile deserialization |
| CVE-2025-22497 | 2025-03-27 | WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22496 | 2025-03-27 | WordPress Notif Bell Plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22278 | 2025-03-27 | WordPress Whitish Lite theme <= 2.1.13 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26909 | 2025-03-27 | WordPress Hide My WP Ghost plugin <= 5.4.01 - Local File Inclusion to RCE vulnerability |
| CVE-2025-26762 | 2025-03-27 | WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22783 | 2025-03-27 | WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.03 - SQL Injection vulnerability |
| CVE-2025-30361 | 2025-03-27 | WeGIA Vulnerable to Broken Authentication - Old Password Validation |
| CVE-2025-30362 | 2025-03-27 | WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter id |
| CVE-2024-12905 | 2025-03-27 | An Improper Link Resolution Before File Access ("Link Following") and... |
| CVE-2025-30363 | 2025-03-27 | WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter dados_addInfo |
| CVE-2025-30364 | 2025-03-27 | WeGIA vulnerable to SQL Injection (Blind Time-Based) in remuneracao.php parameter id_funcionario |
| CVE-2025-30365 | 2025-03-27 | SQL Injection in query_geracao_auto.php |
| CVE-2025-30366 | 2025-03-27 | WeGIA vulnerable to Stored XSS in personalizacao.php |
| CVE-2025-30367 | 2025-03-27 | WeGIA SQL Injection Vulnerability in nextPage Parameter on control.php Endpoint |
| CVE-2021-4454 | 2025-03-27 | can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate |
| CVE-2023-52928 | 2025-03-27 | bpf: Skip invalid kfunc call in backtrack_insn |
| CVE-2023-52929 | 2025-03-27 | nvmem: core: fix cleanup after dev_set_name() |
| CVE-2023-52930 | 2025-03-27 | drm/i915: Fix potential bit_17 double-free |
| CVE-2023-52931 | 2025-03-27 | drm/i915: Avoid potential vm use-after-free |
| CVE-2023-52932 | 2025-03-27 | mm/swapfile: add cond_resched() in get_swap_pages() |
| CVE-2023-52933 | 2025-03-27 | Squashfs: fix handling and sanity checking of xattr_ids count |
| CVE-2023-52934 | 2025-03-27 | mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups |
| CVE-2023-52935 | 2025-03-27 | mm/khugepaged: fix ->anon_vma race |
| CVE-2023-52936 | 2025-03-27 | kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() |
| CVE-2023-52937 | 2025-03-27 | HV: hv_balloon: fix memory leak with using debugfs_lookup() |
| CVE-2023-52938 | 2025-03-27 | usb: typec: ucsi: Don't attempt to resume the ports before they exist |
| CVE-2023-52939 | 2025-03-27 | mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() |
| CVE-2023-52940 | 2025-03-27 | mm: multi-gen LRU: fix crash during cgroup migration |
| CVE-2023-52941 | 2025-03-27 | can: isotp: split tx timer into transmission and timeout |
| CVE-2023-52942 | 2025-03-27 | cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() |
| CVE-2022-49738 | 2025-03-27 | f2fs: fix to do sanity check on i_extra_isize in is_alive() |
| CVE-2022-49739 | 2025-03-27 | gfs2: Always check inode size of inline inodes |
| CVE-2022-49740 | 2025-03-27 | wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads |
| CVE-2022-49741 | 2025-03-27 | fbdev: smscufx: fix error handling code in ufx_usb_probe |
| CVE-2022-49742 | 2025-03-27 | f2fs: initialize locks earlier in f2fs_fill_super() |
| CVE-2022-49743 | 2025-03-27 | ovl: Use "buf" flexible array for memcpy() destination |
| CVE-2022-49744 | 2025-03-27 | mm/uffd: fix pte marker when fork() without fork event |
| CVE-2022-49745 | 2025-03-27 | fpga: m10bmc-sec: Fix probe rollback |
| CVE-2022-49746 | 2025-03-27 | dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init |
| CVE-2022-49747 | 2025-03-27 | erofs/zmap.c: Fix incorrect offset calculation |
| CVE-2022-49748 | 2025-03-27 | perf/x86/amd: fix potential integer overflow on shift of a int |
| CVE-2022-49749 | 2025-03-27 | i2c: designware: use casting of u64 in clock multiplication to avoid overflow |
| CVE-2022-49750 | 2025-03-27 | cpufreq: CPPC: Add u64 casts to avoid overflowing |
| CVE-2022-49751 | 2025-03-27 | w1: fix WARNING after calling w1_process() |
| CVE-2022-49752 | 2025-03-27 | device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() |
| CVE-2022-49753 | 2025-03-27 | dmaengine: Fix double increment of client_count in dma_chan_get() |
| CVE-2022-49754 | 2025-03-27 | Bluetooth: Fix a buffer overflow in mgmt_mesh_add() |
| CVE-2022-49755 | 2025-03-27 | usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait |
| CVE-2022-49756 | 2025-03-27 | phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe() |
| CVE-2022-49757 | 2025-03-27 | EDAC/highbank: Fix memory leak in highbank_mc_probe() |
| CVE-2022-49758 | 2025-03-27 | reset: uniphier-glue: Fix possible null-ptr-deref |
| CVE-2022-49759 | 2025-03-27 | VMCI: Use threaded irqs instead of tasklets |
| CVE-2022-49760 | 2025-03-27 | mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() |
| CVE-2022-49761 | 2025-03-27 | btrfs: always report error in run_one_delayed_ref() |
| CVE-2023-52973 | 2025-03-27 | vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF |
| CVE-2023-52974 | 2025-03-27 | scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress |
| CVE-2023-52975 | 2025-03-27 | scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress |
| CVE-2023-52976 | 2025-03-27 | efi: fix potential NULL deref in efi_mem_reserve_persistent |
| CVE-2023-52977 | 2025-03-27 | net: openvswitch: fix flow memory leak in ovs_flow_cmd_new |
| CVE-2023-52978 | 2025-03-27 | riscv: kprobe: Fixup kernel panic when probing an illegal position |
| CVE-2023-52979 | 2025-03-27 | squashfs: harden sanity check in squashfs_read_xattr_id_table |
| CVE-2023-52980 | 2025-03-27 | block: ublk: extending queue_size to fix overflow |
| CVE-2023-52981 | 2025-03-27 | drm/i915: Fix request ref counting during error capture & debugfs dump |
| CVE-2023-52982 | 2025-03-27 | fscache: Use wait_on_bit() to wait for the freeing of relinquished volume |
| CVE-2023-52983 | 2025-03-27 | block, bfq: fix uaf for bfqq in bic_set_bfqq() |
| CVE-2023-52984 | 2025-03-27 | net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices |
| CVE-2023-52985 | 2025-03-27 | arm64: dts: imx8mm-verdin: Do not power down eth-phy |
| CVE-2023-52986 | 2025-03-27 | bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener |
| CVE-2023-52987 | 2025-03-27 | ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write() |
| CVE-2023-52988 | 2025-03-27 | ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() |
| CVE-2023-52989 | 2025-03-27 | firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region |
| CVE-2023-52991 | 2025-03-27 | net: fix NULL pointer in skb_segment_list |
| CVE-2023-52992 | 2025-03-27 | bpf: Skip task with pid=1 in send_signal_common() |
| CVE-2023-52993 | 2025-03-27 | x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL |
| CVE-2023-52994 | 2025-03-27 | acpi: Fix suspend with Xen PV |
| CVE-2023-52995 | 2025-03-27 | riscv/kprobe: Fix instruction simulation of JALR |
| CVE-2023-52996 | 2025-03-27 | ipv4: prevent potential spectre v1 gadget in fib_metrics_match() |
| CVE-2023-52997 | 2025-03-27 | ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() |
| CVE-2023-52998 | 2025-03-27 | net: fec: Use page_pool_put_full_page when freeing rx buffers |
| CVE-2023-52999 | 2025-03-27 | net: fix UaF in netns ops registration error path |
| CVE-2023-53000 | 2025-03-27 | netlink: prevent potential spectre v1 gadgets |