CVE List - 2025 / March

Showing 301 - 400 of 4018 CVEs for March 2025 (Page 4 of 41)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-25129	2025-03-03	WordPress Callback Request plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-25130	2025-03-03	WordPress Delete Comments By Status plugin <= 1.5.3 - Local File Inclusion vulnerability
CVE-2025-25131	2025-03-03	WordPress RJ Quickcharts plugin <= 0.6.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-25132	2025-03-03	WordPress Visitor Details plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-25133	2025-03-03	WordPress WP Frontend Submit Plugin <= 1.1.0 - Reflected Cross-Site Scripting vulnerability
CVE-2025-25137	2025-03-03	WordPress Social Links plugin <= 1.0.11 - Stored Cross-Site Scripting vulnerability
CVE-2025-25142	2025-03-03	WordPress WP Less Compiler plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-25150	2025-03-03	Directory Listings WordPress uListing plugin <= 2.1.6 - SQL Injection vulnerability
CVE-2025-25157	2025-03-03	WordPress WP Church Center Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-25158	2025-03-03	WordPress Uncomplicated SEO plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-25161	2025-03-03	WordPress WP Find Your Nearest Plugin <= 0.3.1 - CSRF to Settings Change vulnerability
CVE-2025-25162	2025-03-03	WordPress Sports Rankings and Lists plugin <= 2.3 - Arbitrary File Download vulnerability
CVE-2025-25164	2025-03-03	WordPress Meta Accelerator plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-25165	2025-03-03	WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-25169	2025-03-03	WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-25170	2025-03-03	WordPress Migrate Posts Plugin <=1.0 - Post Based Cross Site Scripting (XSS) vulnerability
CVE-2025-26534	2025-03-03	WordPress Helloprint Plugin <= 2.0.7 - Arbitrary File Deletion vulnerability
CVE-2025-26535	2025-03-03	WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop plugin <= 1.7.6 - SQL Injection vulnerability
CVE-2025-26540	2025-03-03	WordPress Helloprint Plugin <= 2.0.7 - Arbitrary File Deletion vulnerability
CVE-2025-26557	2025-03-03	WordPress ViperBar Plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26563	2025-03-03	WordPress Rocket Mobile Plugin <= 0.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26585	2025-03-03	WordPress DL Leadback Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26586	2025-03-03	WordPress Events Planner Plugin <= 1.3.10 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26587	2025-03-03	WordPress sidebarTabs Plugin <= 3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26588	2025-03-03	WordPress TTT Crop Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26589	2025-03-03	WordPress IE CSS3 Support Plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-27263	2025-03-03	WordPress Doctor Appointment Booking Plugin <= 1.0.0 - SQL Injection vulnerability
CVE-2025-27264	2025-03-03	WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability
CVE-2025-27268	2025-03-03	WordPress Small Package Quotes – Worldwide Express Edition Plugin <= 5.2.18 - SQL Injection vulnerability
CVE-2025-27269	2025-03-03	WordPress .htaccess Login block Plugin <= 0.9a - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-27270	2025-03-03	WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2025-27271	2025-03-03	WordPress DB Tables Import/Export Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-27273	2025-03-03	WordPress Affiliate Links Manager Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-27274	2025-03-03	WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability
CVE-2025-27275	2025-03-03	WordPress WOO Codice Fiscale plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-27278	2025-03-03	WordPress AcuGIS Leaflet Maps Plugin <= 5.1.1.0 - Multiple Cross Site Scripting (XSS) vulnerabilities
CVE-2025-27279	2025-03-03	WordPress Flashfader Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26879	2025-03-03	WordPress s2Member Plugin <= 241216 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26885	2025-03-03	WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability
CVE-2025-26914	2025-03-03	WordPress Variable Inspector plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26917	2025-03-03	WordPress WP Templata plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26918	2025-03-03	WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26967	2025-03-03	WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability
CVE-2025-26970	2025-03-03	WordPress Ark Theme Core plugin < 1.71.0 - Unauthenticated Remote Code Execution (RCE) vulnerability
CVE-2025-26984	2025-03-03	WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-26988	2025-03-03	WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability
CVE-2025-26989	2025-03-03	WordPress Zigaform – Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-26994	2025-03-03	WordPress Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin <= 7.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-47092	2025-03-03	Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api
CVE-2024-54179	2025-03-03	IBM Business Automation Workflow cross-site scripting
CVE-2025-1125	2025-03-03	Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write
CVE-2025-0689	2025-03-03	Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
CVE-2024-45780	2025-03-03	Grub2: fs/tar: integer overflow causes heap oob write
CVE-2024-8261	2025-03-03	IDOR in Proliz Software's OBS
CVE-2024-45779	2025-03-03	Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser
CVE-2024-8262	2025-03-03	Path Traversal in Proliz Software's OBS
CVE-2025-1801	2025-03-03	Aap-gateway: aap-gateway privilege escalation
CVE-2025-24023	2025-03-03	Observable Response Discrepancy in flask-appbuilder
CVE-2024-43169	2025-03-03	IBM Engineering Requirements Management DOORS Next file download
CVE-2024-41770	2025-03-03	IBM Engineering Requirements Management DOORS Next information disclosure
CVE-2024-41771	2025-03-03	IBM Engineering Requirements Management DOORS Next information disclosure
CVE-2025-25185	2025-03-03	GPT Academic allows arbitary file read by tarfile uncompress within softlink
CVE-2025-27094	2025-03-03	Tuleap allows default values to be cleared from field configuration
CVE-2025-27099	2025-03-03	Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message
CVE-2025-27417	2025-03-03	WeGIA Contains a Stored Cross-Site Scripting (XSS) in 'adicionar_status_atendido.php' via the 'status' parameter
CVE-2025-0555	2025-03-03	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2025-27418	2025-03-03	WeGIA contains a Stored Cross-Site Scripting (XSS) in 'adicionar_tipo_atendido.php' via the 'tipo' parameter
CVE-2024-55532	2025-03-03	Apache Ranger: Improper Neutralization of Formula Elements in a CSV File
CVE-2025-27420	2025-03-03	WeGIA contains a Stored Cross-Site Scripting (XSS) in 'atendido_parentesco_adicionar.php' via the 'descricao' parameter
CVE-2025-27419	2025-03-03	Denial of Service (DoS) in WeGIA due to Recursive Crawling of Dynamic URLs
CVE-2025-27421	2025-03-03	Goroutine Leak in Abacus SSE Implementation
CVE-2025-0289	2025-03-03	CVE-2025-0289
CVE-2025-0288	2025-03-03	CVE-2025-0288
CVE-2025-0287	2025-03-03	CVE-2025-0287
CVE-2025-0286	2025-03-03	CVE-2025-0286
CVE-2025-0285	2025-03-03	CVE-2025-0285
CVE-2025-27422	2025-03-03	FACTION Allows Authentication Bypass via User Creation
CVE-2025-27423	2025-03-03	Improper Input Validation in Vim
CVE-2025-25301	2025-03-03	Rembg allows SSRF via /api/remove
CVE-2025-25302	2025-03-03	Rembg CORS misconfiguration
CVE-2025-25303	2025-03-03	Server-Side Request Forgery (SSRF) in MouseTooltipTranslator
CVE-2025-27498	2025-03-03	AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
CVE-2025-1876	2025-03-03	D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow
CVE-2024-45778	2025-03-03	Grub2: fs/bfs: integer overflow in the bfs parser.
CVE-2024-45782	2025-03-03	Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
CVE-2025-0678	2025-03-03	Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data
CVE-2025-0684	2025-03-03	Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
CVE-2025-0685	2025-03-03	Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
CVE-2025-0686	2025-03-03	Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat
CVE-2024-30154	2025-03-03	HCL SX is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability
CVE-2025-27499	2025-03-03	WeGIA has a stored Cross-Site Scripting (XSS) in 'processa_edicao_socio.php' via the 'socio_nome' parameter
CVE-2025-27500	2025-03-03	Cross Site Scripting potential in Ziti Console
CVE-2025-1877	2025-03-03	D-Link DAP-1562 HTTP POST Request pure_auth_check null pointer dereference
CVE-2025-27501	2025-03-03	Server Side Request Forgery in Ziti Console
CVE-2025-1889	2025-03-03	picklescan - Security scanning bypass via non-standard file extensions
CVE-2025-1878	2025-03-03	i-Drive i11/i12 WiFi default password
CVE-2025-1879	2025-03-03	i-Drive i11/i12 APK hard-coded credentials
CVE-2024-5888	2025-03-03	Stored XSS in Rest Services API for a Toolbox published as GP Service
CVE-2024-10904	2025-03-03	Stored XSS in Server Admin API
CVE-2024-51942	2025-03-03	Stored XSS vulnerability in Rest Admin API under Hosted Feature Services page