CVE List - 2025 / March
Showing 3501 - 3600 of 4018 CVEs for March 2025 (Page 36 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-2074 | 2025-03-28 | Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter |
| CVE-2025-27567 | 2025-03-28 | Cross-site scripting vulnerability exists in the NickName registration screen of... |
| CVE-2025-27574 | 2025-03-28 | Cross-site scripting vulnerability exists in the USB storage file-sharing function... |
| CVE-2025-27716 | 2025-03-28 | Improper limitation of a pathname to a restricted directory ('Path... |
| CVE-2025-27718 | 2025-03-28 | Improper limitation of a pathname to a restricted directory ('Path... |
| CVE-2025-27726 | 2025-03-28 | Improper limitation of a pathname to a restricted directory ('Path... |
| CVE-2025-27932 | 2025-03-28 | Improper limitation of a pathname to a restricted directory ('Path... |
| CVE-2025-1705 | 2025-03-28 | tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2019-16149 | 2025-03-28 | An Improper Neutralization of Input During Web Page Generation in... |
| CVE-2025-27001 | 2025-03-28 | WordPress Shipmondo plugin <= 5.0.3 - Authenticated Arbitrary WordPress Option Disclosure vulnerability |
| CVE-2025-31102 | 2025-03-28 | WordPress Hostel plugin <= 1.1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31099 | 2025-03-28 | WordPress Slider by BestWebSoft <= 1.1.0 - SQL Injection Vulnerability |
| CVE-2025-31096 | 2025-03-28 | WordPress PostX <= 4.1.25 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31094 | 2025-03-28 | WordPress WP Posts Carousel <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31093 | 2025-03-28 | WordPress RPS Include Content <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31090 | 2025-03-28 | WordPress Dropdown Multisite selector < 0.9.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31088 | 2025-03-28 | WordPress Paid Member Subscriptions <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31083 | 2025-03-28 | WordPress Leaky Paywall <= 4.21.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31079 | 2025-03-28 | WordPress Usermaven plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31077 | 2025-03-28 | WordPress Ultimate Blocks plugin <= 3.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31076 | 2025-03-28 | WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-31075 | 2025-03-28 | WordPress MicroPayments plugin <= 2.9.29 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31073 | 2025-03-28 | WordPress Unlimited <= 1.45 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2024-12619 | 2025-03-28 | Insufficient Granularity of Access Control in GitLab |
| CVE-2024-10307 | 2025-03-28 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2021-24008 | 2025-03-28 | An exposure of sensitive system information to an unauthorized control... |
| CVE-2025-2868 | 2025-03-28 | Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System |
| CVE-2025-2869 | 2025-03-28 | Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System |
| CVE-2025-2870 | 2025-03-28 | Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System |
| CVE-2025-2815 | 2025-03-28 | Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-31474 | 2025-03-28 | WordPress WP Database Optimizer <= 1.2.1.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31473 | 2025-03-28 | WordPress WP Database Optimizer <= 1.2.1.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31472 | 2025-03-28 | WordPress Flatty <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31471 | 2025-03-28 | WordPress Duplicate Page and Post <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31470 | 2025-03-28 | WordPress Page Takeover <= 1.1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31469 | 2025-03-28 | WordPress Clear Sucuri Cache <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-31466 | 2025-03-28 | WordPress Duplicate Page and Post <= 1.0 - SQL Injection Vulnerability |
| CVE-2025-31465 | 2025-03-28 | WordPress Better Section Navigation Widget <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31464 | 2025-03-28 | WordPress Text Selection Color <= 1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31463 | 2025-03-28 | WordPress TGG WP Optimizer <= 1.22 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31460 | 2025-03-28 | WordPress OmniLeads Scripts and Tags Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31459 | 2025-03-28 | WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31458 | 2025-03-28 | WordPress Video Embedder plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31457 | 2025-03-28 | WordPress LWS SMS <= 2.4.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31456 | 2025-03-28 | WordPress Ultimate Security Checker plugin <= 4.2 - Cross Site Request Forgery (CSRF) to Security Rescan vulnerability |
| CVE-2025-31453 | 2025-03-28 | WordPress YouTube SimpleGallery <= 2.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31452 | 2025-03-28 | WordPress WP Ultimate Search <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31451 | 2025-03-28 | WordPress wBounce <= 1.8.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31450 | 2025-03-28 | WordPress Toggle Box <= 1.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31449 | 2025-03-28 | WordPress The Visitor Counter plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31448 | 2025-03-28 | WordPress Simple Trackback Disabler <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31447 | 2025-03-28 | WordPress NertWorks All in One Social Share Tools <=1.26 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31444 | 2025-03-28 | WordPress ShowTime Slideshow plugin <= 1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31443 | 2025-03-28 | WordPress KK I Like It plugin <= 1.7.5.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31440 | 2025-03-28 | WordPress Terms of Use plugin <= 2.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31439 | 2025-03-28 | WordPress Browser Caching with .htaccess 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31438 | 2025-03-28 | WordPress WP Supersized <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-31437 | 2025-03-28 | WordPress WP-OGP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31435 | 2025-03-28 | WordPress Microblog Poster plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-31434 | 2025-03-28 | WordPress FormLift for Infusionsoft Web Forms <= 7.5.19 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31433 | 2025-03-28 | WordPress Magic Embeds <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31432 | 2025-03-28 | WordPress Pop-Up Chop Chop <= 2.1.7 - Local File Inclusion Vulnerability |
| CVE-2025-2908 | 2025-03-28 | Insufficiently Protected Credentials vulnerability in MeetMe products |
| CVE-2025-2909 | 2025-03-28 | Lack of encryption vulnerability in DuoxMe |
| CVE-2025-2910 | 2025-03-28 | User enumeration vulnerability in MeetMe products |
| CVE-2024-11504 | 2025-03-28 | SQL Injection in Streamsoft Prestiż |
| CVE-2024-7407 | 2025-03-28 | Weak password encoding in Streamsoft Prestiż |
| CVE-2025-2911 | 2025-03-28 | Improper Restriction of Excessive Authentication Attempts vulnerability in MeetMe products |
| CVE-2025-2858 | 2025-03-28 | Privilege escalation vulnerability in saTECH BCU |
| CVE-2025-2859 | 2025-03-28 | Improper Authentication vulnerability in saTECH BCU |
| CVE-2025-2860 | 2025-03-28 | Exposure of Sensitive Information vulnerability in saTECH BCU |
| CVE-2025-2861 | 2025-03-28 | Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU |
| CVE-2025-2862 | 2025-03-28 | Weak Encoding for Password vulnerability in saTECH BCU |
| CVE-2025-0986 | 2025-03-28 | IBM PowerVM Hypervisor data manipulation |
| CVE-2025-2863 | 2025-03-28 | Cross-site request forgery (CSRF) vulnerability in saTECH BCU |
| CVE-2025-2864 | 2025-03-28 | Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU |
| CVE-2025-2865 | 2025-03-28 | Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU |
| CVE-2025-1781 | 2025-03-28 | There is a XXE in W3CSS Validator versions before cssval-20250226... |
| CVE-2025-2877 | 2025-03-28 | Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda |
| CVE-2025-2901 | 2025-03-28 | Org.jboss.hal-hal-parent: stored cross-site scripting (xss) in jboss eap management console |
| CVE-2024-39311 | 2025-03-28 | Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction |
| CVE-2025-29928 | 2025-03-28 | authentik's deletion of sessions did not revoke sessions when using database session storage |
| CVE-2025-30371 | 2025-03-28 | Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint |
| CVE-2025-30372 | 2025-03-28 | Emlog Pro contains an SQL injection vulnerability. |
| CVE-2025-30211 | 2025-03-28 | KEX init error results with excessive memory usage |
| CVE-2024-51624 | 2025-03-28 | WordPress Já-Já Pagamentos for WooCommerce plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54291 | 2025-03-28 | WordPress PluginPass plugin <= 0.9.10 - Arbitrary File Download/Delete vulnerability |
| CVE-2024-54362 | 2025-03-28 | WordPress GetShop ecommerce plugin <= 1.3 - Path Traversal vulnerability |
| CVE-2025-22356 | 2025-03-28 | WordPress Stencies plugin <= 0.58 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22360 | 2025-03-28 | WordPress WP Azure offload plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22501 | 2025-03-28 | WordPress Improve My City plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22523 | 2025-03-28 | WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability |
| CVE-2025-22526 | 2025-03-28 | WordPress PHP/MySQL CPU performance statistics Plugin <= 1.2.1 - PHP Object Injection vulnerability |
| CVE-2025-22566 | 2025-03-28 | WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22575 | 2025-03-28 | WordPress SUPER RESPONSIVE SLIDER Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22767 | 2025-03-28 | WordPress GlobalPayments WooCommerce Plugin <= 1.13.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31010 | 2025-03-28 | WordPress SimplyRETS Real Estate IDX plugin <= 3.0.3 - CSRF to Multiple Admin Actions vulnerability |
| CVE-2025-2713 | 2025-03-28 | Improper File Permission Handling in Google gVisor runsc |
| CVE-2025-2912 | 2025-03-28 | HDF5 H5Omessage.c H5O_msg_flush heap-based overflow |
| CVE-2025-2913 | 2025-03-28 | HDF5 H5FL.c H5FL__blk_gc_list use after free |