CVE List - 2025 / March
Showing 3801 - 3900 of 4015 CVEs for March 2025 (Page 39 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-29766 | 2025-03-31 | Tuleap has missing CSRF protections on artifact submission & edition from the tracker view |
| CVE-2025-29929 | 2025-03-31 | Tuleap is missing CSRF protection on tracker hierarchy administration |
| CVE-2025-30203 | 2025-03-31 | Tuleap allows XSS via the content of RSS feeds in the RSS widgets |
| CVE-2025-30209 | 2025-03-31 | Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin |
| CVE-2025-30155 | 2025-03-31 | Tuleap does not enforce read permissions on parent trackers in the REST API |
| CVE-2025-3002 | 2025-03-31 | Digital China DCME-520 mon_merge_stat_hist.php os command injection |
| CVE-2025-1449 | 2025-03-31 | Admin Shell Access Vulnerability in Rockwell Automation Verve Asset Manager |
| CVE-2025-29772 | 2025-03-31 | OpenEMR allows Reflected XSS in CAMOS new.php |
| CVE-2025-30149 | 2025-03-31 | OpenEMR Reflected XSS in AJAX Script |
| CVE-2025-30161 | 2025-03-31 | OpenEMR Stored XSS in OpenEMR Bronchitis Form |
| CVE-2025-30223 | 2025-03-31 | Beego allows Reflected/Stored XSS in Beego's RenderForm() Function Due to Unescaped User Input |
| CVE-2025-2794 | 2025-03-31 | Kentico Xperience <= 13.0.180 Unsafe Reflection |
| CVE-2025-30368 | 2025-03-31 | Zulip allows the deletion of organization by administrators of a different organization |
| CVE-2025-3003 | 2025-03-31 | ESAFENET CDG UserAjax sql injection |
| CVE-2025-30369 | 2025-03-31 | Zulip allows the deletion of Custom profile fields by administrators of a different organization |
| CVE-2025-2292 | 2025-03-31 | Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure |
| CVE-2025-30004 | 2025-03-31 | Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection |
| CVE-2025-31116 | 2025-03-31 | Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding |
| CVE-2025-30005 | 2025-03-31 | Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion |
| CVE-2025-31117 | 2025-03-31 | OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability |
| CVE-2025-30006 | 2025-03-31 | Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting |
| CVE-2025-31122 | 2025-03-31 | scratch-coding-hut.github.io Login Links Generation vulnerability |
| CVE-2025-3004 | 2025-03-31 | Sayski ForestBlog search cross site scripting |
| CVE-2025-31125 | 2025-03-31 | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query |
| CVE-2025-3005 | 2025-03-31 | Sayski ForestBlog Friend Link cross site scripting |
| CVE-2025-3006 | 2025-03-31 | PHPGurukul e-Diary Management System edit-category.php sql injection |
| CVE-2025-3007 | 2025-03-31 | Novastar CX40 NetFilter Utility netconfig getopt stack-based overflow |
| CVE-2025-29908 | 2025-03-31 | Netty QUIC hash collision DoS attack |
| CVE-2025-31128 | 2025-03-31 | gifplayer XSS vulnerability |
| CVE-2025-3008 | 2025-03-31 | Novastar CX40 NetFilter Utility netconfig popen command injection |
| CVE-2025-31129 | 2025-03-31 | jooby-pac4j: deserialization of untrusted data |
| CVE-2025-3009 | 2025-03-31 | Jinher Network OA NetDiskProperty.aspx sql injection |
| CVE-2025-31123 | 2025-03-31 | Zitadel Expired JWT Keys Usable for Authorization Grants |
| CVE-2025-31124 | 2025-03-31 | Zitadel allows User Enumeration by loginname attribute normalization |
| CVE-2025-21893 | 2025-03-31 | keys: Fix UAF in key_put() |
| CVE-2025-3010 | 2025-03-31 | Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference |
| CVE-2025-3015 | 2025-03-31 | Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds |
| CVE-2024-24456 | 2025-03-31 | An E-RAB Release Command packet containing a malformed NAS PDU will cause the Athonet MME to immediately crash, potentially due to a buffer overflow. |
| CVE-2025-3016 | 2025-03-31 | Open Asset Import Library Assimp MDL File MDLMaterialLoader.cpp ParseTextureColorData resource consumption |
| CVE-2025-3017 | 2025-03-31 | TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write |
| CVE-2025-3057 | 2025-03-31 | Drupal core - Critical - Cross site scripting - SA-CORE-2025-001 |
| CVE-2025-31673 | 2025-03-31 | Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 |
| CVE-2025-31674 | 2025-03-31 | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 |
| CVE-2025-31675 | 2025-03-31 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 |
| CVE-2025-31676 | 2025-03-31 | Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-001 |
| CVE-2025-31677 | 2025-03-31 | AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003 |
| CVE-2025-31678 | 2025-03-31 | AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004 |
| CVE-2025-31679 | 2025-03-31 | Ignition Error Pages - Critical - Cross Site Scripting - SA-CONTRIB-2025-007 |
| CVE-2025-31680 | 2025-03-31 | Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008 |
| CVE-2025-31681 | 2025-03-31 | Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009 |
| CVE-2025-31682 | 2025-03-31 | Google Tag - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-011 |
| CVE-2025-31683 | 2025-03-31 | Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012 |
| CVE-2025-31684 | 2025-03-31 | OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013 |
| CVE-2025-31685 | 2025-03-31 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014 |
| CVE-2025-31686 | 2025-03-31 | Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015 |
| CVE-2025-31687 | 2025-03-31 | SpamSpan filter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-016 |
| CVE-2025-31688 | 2025-03-31 | Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017 |
| CVE-2025-31689 | 2025-03-31 | General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018 |
| CVE-2025-31690 | 2025-03-31 | Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019 |
| CVE-2025-31691 | 2025-03-31 | OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020 |
| CVE-2025-31692 | 2025-03-31 | AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021 |
| CVE-2025-26683 | 2025-03-31 | Azure Playwright Elevation of Privilege Vulnerability |
| CVE-2025-31693 | 2025-03-31 | AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022 |
| CVE-2025-31694 | 2025-03-31 | Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023 |
| CVE-2025-31695 | 2025-03-31 | Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024 |
| CVE-2025-31696 | 2025-03-31 | RapiDoc OAS Field Formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-025 |
| CVE-2025-31697 | 2025-03-31 | Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026 |
| CVE-2025-3018 | 2025-03-31 | SourceCodester Online Eyewear Shop Users.php sql injection |
| CVE-2025-3036 | 2025-03-31 | yzk2356911358 StudentServlet-JSP Student Management cross site scripting |
| CVE-2025-3059 | 2025-03-31 | Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002 |
| CVE-2025-3060 | 2025-03-31 | Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005 |
| CVE-2025-3061 | 2025-03-31 | Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006 |
| CVE-2025-30449 | 2025-03-31 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root... |
| CVE-2025-24236 | 2025-03-31 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. |
| CVE-2025-24148 | 2025-03-31 | This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass... |
| CVE-2025-24261 | 2025-03-31 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts... |
| CVE-2025-3062 | 2025-03-31 | Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010 |
| CVE-2025-24277 | 2025-03-31 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An... |
| CVE-2025-31188 | 2025-03-31 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to bypass Privacy... |
| CVE-2025-24172 | 2025-03-31 | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. "Block All Remote Content" may not apply... |
| CVE-2025-30424 | 2025-03-31 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Deleting a conversation in Messages may expose... |
| CVE-2025-30465 | 2025-03-31 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to... |
| CVE-2025-24164 | 2025-03-31 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected... |
| CVE-2025-30432 | 2025-03-31 | A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma... |
| CVE-2025-31192 | 2025-03-31 | The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor... |
| CVE-2025-24282 | 2025-03-31 | A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system. |
| CVE-2025-31184 | 2025-03-31 | This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized... |
| CVE-2025-24257 | 2025-03-31 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able... |
| CVE-2025-30428 | 2025-03-31 | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without... |
| CVE-2025-24191 | 2025-03-31 | The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file... |
| CVE-2025-24216 | 2025-03-31 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing... |
| CVE-2025-24095 | 2025-03-31 | This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences. |
| CVE-2025-30469 | 2025-03-31 | This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able... |
| CVE-2025-24241 | 2025-03-31 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a... |
| CVE-2025-24240 | 2025-03-31 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive... |
| CVE-2025-24217 | 2025-03-31 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able... |
| CVE-2025-30429 | 2025-03-31 | A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia... |
| CVE-2025-24190 | 2025-03-31 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4,... |
| CVE-2025-24256 | 2025-03-31 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to disclose kernel... |
| CVE-2025-30452 | 2025-03-31 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An input validation issue was addressed. |