CVE List - 2025 / March
Showing 3401 - 3500 of 4018 CVEs for March 2025 (Page 35 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53001 | 2025-03-27 | drm/drm_vma_manager: Add drm_vma_node_allow_once() |
| CVE-2023-53002 | 2025-03-27 | drm/i915: Fix a memory leak with reused mmap_offset |
| CVE-2023-53003 | 2025-03-27 | EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info |
| CVE-2023-53004 | 2025-03-27 | ovl: fix tmpfile leak |
| CVE-2023-53005 | 2025-03-27 | trace_events_hist: add check for return value of 'create_hist_field' |
| CVE-2023-53006 | 2025-03-27 | cifs: Fix oops due to uncleared server->smbd_conn in reconnect |
| CVE-2023-53007 | 2025-03-27 | tracing: Make sure trace_printk() can output as soon as it can be used |
| CVE-2023-53008 | 2025-03-27 | cifs: fix potential memory leaks in session setup |
| CVE-2023-53009 | 2025-03-27 | drm/amdkfd: Add sync after creating vram bo |
| CVE-2023-53010 | 2025-03-27 | bnxt: Do not read past the end of test names |
| CVE-2023-53011 | 2025-03-27 | net: stmmac: enable all safety features by default |
| CVE-2023-53012 | 2025-03-27 | thermal: core: call put_device() only after device_register() fails |
| CVE-2023-53013 | 2025-03-27 | ptdma: pt_core_execute_cmd() should use spinlock |
| CVE-2023-53014 | 2025-03-27 | dmaengine: tegra: Fix memory leak in terminate_all() |
| CVE-2023-53015 | 2025-03-27 | HID: betop: check shape of output reports |
| CVE-2023-53016 | 2025-03-27 | Bluetooth: Fix possible deadlock in rfcomm_sk_state_change |
| CVE-2023-53017 | 2025-03-27 | Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() |
| CVE-2023-53018 | 2025-03-27 | Bluetooth: hci_conn: Fix memory leaks |
| CVE-2023-53019 | 2025-03-27 | net: mdio: validate parameter addr in mdiobus_get_phy() |
| CVE-2023-53020 | 2025-03-27 | l2tp: close all race conditions in l2tp_tunnel_register() |
| CVE-2023-53021 | 2025-03-27 | net/sched: sch_taprio: fix possible use-after-free |
| CVE-2023-53022 | 2025-03-27 | net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() |
| CVE-2023-53023 | 2025-03-27 | net: nfc: Fix use-after-free in local_cleanup() |
| CVE-2023-53024 | 2025-03-27 | bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation |
| CVE-2023-53026 | 2025-03-27 | RDMA/core: Fix ib block iterator counter overflow |
| CVE-2023-53028 | 2025-03-27 | Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" |
| CVE-2023-53029 | 2025-03-27 | octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt |
| CVE-2023-53030 | 2025-03-27 | octeontx2-pf: Avoid use of GFP_KERNEL in atomic context |
| CVE-2023-53031 | 2025-03-27 | powerpc/imc-pmu: Fix use of mutex in IRQs disabled section |
| CVE-2023-53032 | 2025-03-27 | netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. |
| CVE-2023-53033 | 2025-03-27 | netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits |
| CVE-2023-37405 | 2025-03-27 | IBM Cloud Pak System information disclosure |
| CVE-2023-38272 | 2025-03-27 | IBM Cloud Pak System information disclosure |
| CVE-2025-22740 | 2025-03-27 | WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability |
| CVE-2025-22739 | 2025-03-27 | WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability |
| CVE-2025-26956 | 2025-03-27 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-26898 | 2025-03-27 | WordPress Traveler theme <= 3.1.8 - SQL Injection vulnerability |
| CVE-2025-26890 | 2025-03-27 | WordPress HUSKY plugin <= 1.3.6.4 - Local File Inclusion vulnerability |
| CVE-2025-26874 | 2025-03-27 | WordPress MemberSpace plugin <= 2.1.13 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26873 | 2025-03-27 | WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability |
| CVE-2025-26733 | 2025-03-27 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-31031 | 2025-03-27 | WordPress Job Colors for WP Job Manager plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2885 | 2025-03-27 | Root metadata version not validated in tough |
| CVE-2025-2886 | 2025-03-27 | Terminating targets role delegations are not respected in tough |
| CVE-2025-2887 | 2025-03-27 | Failure to detect delegated target rollback in tough |
| CVE-2025-2888 | 2025-03-27 | Improper timestamp caching during snapshot rollback in tough |
| CVE-2025-31101 | 2025-03-27 | WordPress VaultRE Contact Form 7 plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2878 | 2025-03-27 | Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting |
| CVE-2025-31092 | 2025-03-27 | WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-24292 | 2025-03-28 | A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an... |
| CVE-2024-38985 | 2025-03-28 | janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to... |
| CVE-2024-38988 | 2025-03-28 | alizeait unflatto <= 1.0.2 was discovered to contain a prototype... |
| CVE-2024-48615 | 2025-03-28 | Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when... |
| CVE-2024-56975 | 2025-03-28 | InvoicePlane (all versions tested as of December 2024) v.1.6.11 and... |
| CVE-2024-57083 | 2025-03-28 | A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc... |
| CVE-2024-58128 | 2025-03-28 | In MISP before 2.4.193, menu_custom_right_link parameters can be set via... |
| CVE-2024-58129 | 2025-03-28 | In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via... |
| CVE-2024-58130 | 2025-03-28 | In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a... |
| CVE-2025-22953 | 2025-03-28 | A SQL injection vulnerability exists in Epicor HCM 2021 1.9,... |
| CVE-2025-25579 | 2025-03-28 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa... |
| CVE-2025-28087 | 2025-03-28 | Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection... |
| CVE-2025-28089 | 2025-03-28 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via... |
| CVE-2025-28090 | 2025-03-28 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in... |
| CVE-2025-28091 | 2025-03-28 | maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via... |
| CVE-2025-28092 | 2025-03-28 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via... |
| CVE-2025-28093 | 2025-03-28 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in... |
| CVE-2025-28094 | 2025-03-28 | shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. |
| CVE-2025-28096 | 2025-03-28 | OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in... |
| CVE-2025-28097 | 2025-03-28 | OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in... |
| CVE-2025-28219 | 2025-03-28 | Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in... |
| CVE-2025-28220 | 2025-03-28 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the... |
| CVE-2025-28221 | 2025-03-28 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the... |
| CVE-2025-28254 | 2025-03-28 | Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows... |
| CVE-2025-28256 | 2025-03-28 | An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker... |
| CVE-2025-31335 | 2025-03-28 | The OpenSAML C++ library before 3.3.1 allows forging of signed... |
| CVE-2025-1860 | 2025-03-28 | Data::Entropy for Perl uses insecure rand() function for cryptographic functions |
| CVE-2025-24383 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2024-49565 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2024-49564 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2024-49563 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-22398 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-24382 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2024-49601 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-24385 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-23383 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2024-13939 | 2025-03-28 | String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string |
| CVE-2025-24380 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-24379 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-24378 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-24377 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-24386 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization... |
| CVE-2025-24381 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection... |
| CVE-2025-2894 | 2025-03-28 | Unitree Go1 Robot Dog Backdoor Control Channel |
| CVE-2025-2294 | 2025-03-28 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion |
| CVE-2025-2804 | 2025-03-28 | tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' |
| CVE-2025-2027 | 2025-03-28 | A double free vulnerability has been identified in the ASUS... |
| CVE-2025-1762 | 2025-03-28 | Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF |
| CVE-2025-2328 | 2025-03-28 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-2485 | 2025-03-28 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion |
| CVE-2025-2578 | 2025-03-28 | Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure |