CVE List - 2025 / March
Showing 1801 - 1900 of 4015 CVEs for March 2025 (Page 19 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-25684 | 2025-03-17 | A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST... |
| CVE-2025-25685 | 2025-03-17 | An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive... |
| CVE-2025-25914 | 2025-03-17 | SQL injection vulnerability in Online Exam Mastering System v.1.0 allows a remote attacker to execute arbitrary code via the fid parameter |
| CVE-2025-26042 | 2025-03-17 | Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the... |
| CVE-2025-26125 | 2025-03-17 | An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges. |
| CVE-2025-26127 | 2025-03-17 | A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2025-29425 | 2025-03-17 | Code-projects Online Class and Exam Scheduling System 1.0 is vulnerable to SQL Injection in exam_save.php via the parameters member and first. |
| CVE-2025-29426 | 2025-03-17 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters. |
| CVE-2025-29427 | 2025-03-17 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in profile.php via the member_first and member_last parameters. |
| CVE-2025-29429 | 2025-03-17 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/program.php via the id, code, and name parameters. |
| CVE-2025-29430 | 2025-03-17 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters. |
| CVE-2025-29431 | 2025-03-17 | Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/department.php via the id, code, and name parameters. |
| CVE-2025-30143 | 2025-03-17 | Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties. |
| CVE-2025-2354 | 2025-03-17 | VAM Virtual Airlines Manager index.php cross site scripting |
| CVE-2025-2355 | 2025-03-17 | BlackVue App API Endpoint credentials storage |
| CVE-2025-2356 | 2025-03-17 | BlackVue App API deviceDelete get request method with sensitive query strings |
| CVE-2025-2357 | 2025-03-17 | DCMTK dcmjpls JPEG-LS Decoder memory corruption |
| CVE-2025-2358 | 2025-03-17 | Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System HTTP Header Service.asmx sql injection |
| CVE-2025-2359 | 2025-03-17 | D-Link DIR-823G DDNS Service HNAP1 SetDDNSSettings improper authorization |
| CVE-2025-2360 | 2025-03-17 | D-Link DIR-823G UPnP Service HNAP1 SetUpnpSettings improper authorization |
| CVE-2025-2361 | 2025-03-17 | Mercurial SCM Web Interface cross site scripting |
| CVE-2025-2362 | 2025-03-17 | PHPGurukul Pre-School Enrollment System contact-us.php sql injection |
| CVE-2025-2363 | 2025-03-17 | lenve VBlog ArticleController.java uploadImg path traversal |
| CVE-2025-2395 | 2025-03-17 | e-Excellence U-Office Force - Improper Authentication |
| CVE-2025-2396 | 2025-03-17 | e-Excellence U-Office Force - Arbitrary File Upload |
| CVE-2025-2364 | 2025-03-17 | lenve VBlog ArticleService.java addNewArticle cross site scripting |
| CVE-2025-2365 | 2025-03-17 | crmeb_java WeChatMessageController.java webHook xml external entity reference |
| CVE-2025-1724 | 2025-03-17 | Account Takeover |
| CVE-2025-2366 | 2025-03-17 | gougucms Add Department Page add cross site scripting |
| CVE-2025-2367 | 2025-03-17 | Oiwtech OIW-2431APGN-HP Personal Script Submenu formScript os command injection |
| CVE-2025-2368 | 2025-03-17 | WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow |
| CVE-2025-2369 | 2025-03-17 | TOTOLINK EX1800T cstecgi.cgi setPasswordCfg stack-based overflow |
| CVE-2025-2370 | 2025-03-17 | TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow |
| CVE-2024-12971 | 2025-03-17 | QuickShell Authenticated Command Injection |
| CVE-2024-12992 | 2025-03-17 | Remote Code Execution leads to Command Injection |
| CVE-2025-2371 | 2025-03-17 | PHPGurukul Human Metapneumovirus Testing Management System Registered Mobile Number Search registered-user-testing.php cross site scripting |
| CVE-2025-2372 | 2025-03-17 | PHPGurukul Human Metapneumovirus Testing Management System Password Recovery Page password-recovery.php sql injection |
| CVE-2025-2199 | 2025-03-17 | SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php |
| CVE-2025-2200 | 2025-03-17 | SQL injection vulnerability in the Innovación y Cualificación IcProgreso plugin |
| CVE-2025-2201 | 2025-03-17 | Broken access control vulnerability in the Innovación y Cualificación IcProgreso plugin |
| CVE-2025-2202 | 2025-03-17 | Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php |
| CVE-2025-2373 | 2025-03-17 | PHPGurukul Human Metapneumovirus Testing Management System check_availability.php sql injection |
| CVE-2025-2374 | 2025-03-17 | PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection |
| CVE-2025-2375 | 2025-03-17 | PHPGurukul Human Metapneumovirus Testing Management System Admin Profile Page profile.php cross site scripting |
| CVE-2025-2376 | 2025-03-17 | viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization |
| CVE-2025-2401 | 2025-03-17 | Buffer overflow in Immunity Debugger |
| CVE-2025-2377 | 2025-03-17 | SourceCodester Vehicle Management System confirmbooking.php cross site scripting |
| CVE-2025-2378 | 2025-03-17 | PHPGurukul Medical Card Generation System download-medical-cards.php sql injection |
| CVE-2019-15706 | 2025-03-17 | An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8... |
| CVE-2021-26087 | 2025-03-17 | An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote... |
| CVE-2024-54027 | 2025-03-17 | A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below,... |
| CVE-2021-32584 | 2025-03-17 | An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow... |
| CVE-2021-22126 | 2025-03-17 | A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker... |
| CVE-2019-17659 | 2025-03-17 | A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by... |
| CVE-2020-29010 | 2025-03-17 | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and below may allow remote authenticated actors to read the SSL VPN events... |
| CVE-2025-27102 | 2025-03-17 | Agate vulnerable to HTML injection in user signup - Administrator phishing risk |
| CVE-2025-29786 | 2025-03-17 | Memory Exhaustion in Expr Parser with Unrestricted Input |
| CVE-2025-29787 | 2025-03-17 | zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write |
| CVE-2025-29788 | 2025-03-17 | Sylius PayPal Plugin Payment Amount Manipulation Vulnerability |
| CVE-2025-2379 | 2025-03-17 | PHPGurukul Apartment Visitors Management System create-pass.php sql injection |
| CVE-2020-9295 | 2025-03-17 | FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not... |
| CVE-2019-6697 | 2025-03-17 | An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an... |
| CVE-2024-9055 | 2025-03-17 | DPA Countermeasures need reseeding |
| CVE-2025-0595 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0596 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x |
| CVE-2025-0598 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0599 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x |
| CVE-2025-0600 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x |
| CVE-2025-0601 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0826 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0827 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0828 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0829 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0830 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0832 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2025-0833 | 2025-03-17 | Stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x |
| CVE-2025-2380 | 2025-03-17 | PHPGurukul Apartment Visitors Management System admin-profile.php sql injection |
| CVE-2025-1398 | 2025-03-17 | macOS TCC Bypass via Code Injection |
| CVE-2025-2381 | 2025-03-17 | PHPGurukul Curfew e-Pass Management System search-pass.php sql injection |
| CVE-2025-27512 | 2025-03-17 | Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods |
| CVE-2025-2382 | 2025-03-17 | PHPGurukul Online Banquet Booking System booking-search.php sql injection |
| CVE-2025-1774 | 2025-03-17 | Logs manipulation in BotSense |
| CVE-2025-2383 | 2025-03-17 | PHPGurukul Doctor Appointment Management System search.php sql injection |
| CVE-2025-2384 | 2025-03-17 | code-projects Real Estate Property Management System Parameter InsertCustomer.php sql injection |
| CVE-2025-2241 | 2025-03-17 | Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm |
| CVE-2025-2385 | 2025-03-17 | code-projects Modern Bag login.php sql injection |
| CVE-2024-48013 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to... |
| CVE-2024-48830 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access... |
| CVE-2025-2386 | 2025-03-17 | PHPGurukul Local Services Search Engine Management System serviceman-search.php sql injection |
| CVE-2025-22474 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to... |
| CVE-2024-48828 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized... |
| CVE-2024-48015 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access... |
| CVE-2024-48017 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access... |
| CVE-2024-49559 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to... |
| CVE-2025-2387 | 2025-03-17 | SourceCodester Online Food Ordering System ajax.php sql injection |
| CVE-2024-49561 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation... |
| CVE-2025-22473 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access... |
| CVE-2025-22472 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access... |
| CVE-2025-2388 | 2025-03-17 | Keytop 路内停车收费系统 API getParks improper authentication |
| CVE-2024-48831 | 2025-03-17 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |