CVE List - 2025 / March
Showing 2001 - 2100 of 4015 CVEs for March 2025 (Page 21 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-57061 | 2025-03-19 | An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. |
| CVE-2025-26816 | 2025-03-19 | A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially sensitive data from a... |
| CVE-2025-29118 | 2025-03-19 | Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. |
| CVE-2025-29137 | 2025-03-19 | Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. |
| CVE-2025-29401 | 2025-03-19 | An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2025-29405 | 2025-03-19 | An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2025-30092 | 2025-03-19 | Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts. |
| CVE-2025-30234 | 2025-03-19 | SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26). |
| CVE-2025-30235 | 2025-03-19 | Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent... |
| CVE-2025-30236 | 2025-03-19 | Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter. |
| CVE-2025-30258 | 2025-03-19 | In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user... |
| CVE-2025-30259 | 2025-03-19 | The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by... |
| CVE-2024-10444 | 2025-03-19 | Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2024-10441 | 2025-03-19 | Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows... |
| CVE-2024-10445 | 2025-03-19 | Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers... |
| CVE-2024-10442 | 2025-03-19 | Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code,... |
| CVE-2024-11131 | 2025-03-19 | A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions... |
| CVE-2025-2290 | 2025-03-19 | LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing |
| CVE-2024-12295 | 2025-03-19 | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password |
| CVE-2024-12922 | 2025-03-19 | Altair <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current |
| CVE-2024-50629 | 2025-03-19 | Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow... |
| CVE-2024-50630 | 2025-03-19 | Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. |
| CVE-2024-50631 | 2025-03-19 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote... |
| CVE-2025-1232 | 2025-03-19 | Site Reviews < 7.2.5 - Unauthenticated Stored XSS |
| CVE-2024-13410 | 2025-03-19 | CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler |
| CVE-2024-13412 | 2025-03-19 | CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler |
| CVE-2024-13790 | 2025-03-19 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion |
| CVE-2024-12137 | 2025-03-19 | Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028 |
| CVE-2024-12136 | 2025-03-19 | Improper Access Control in Elfatek Elektronics' ANKA JPD-00028 |
| CVE-2025-27018 | 2025-03-19 | Apache Airflow MySQL Provider: SQL injection in MySQL provider core function |
| CVE-2024-13933 | 2025-03-19 | FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions |
| CVE-2024-13442 | 2025-03-19 | Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2024-12920 | 2025-03-19 | FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions |
| CVE-2025-2511 | 2025-03-19 | AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter |
| CVE-2024-45644 | 2025-03-19 | IBM Security ReaQta file upload |
| CVE-2025-2512 | 2025-03-19 | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function |
| CVE-2025-1472 | 2025-03-19 | Unauthorized View Access to Site Statistics and Team Statistics |
| CVE-2024-42176 | 2025-03-19 | HCL MyXalytics is affected by concurrent login vulnerability |
| CVE-2025-26475 | 2025-03-19 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations,... |
| CVE-2025-30154 | 2025-03-19 | Multiple Reviewdog actions were compromised during a specific time period |
| CVE-2025-23382 | 2025-03-19 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote... |
| CVE-2025-2324 | 2025-03-19 | A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder |
| CVE-2025-26485 | 2025-03-19 | A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent... |
| CVE-2025-1758 | 2025-03-19 | Improper Input Validation vulnerability in Progress LoadMaster allows: Buffer Overflow. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above |
| CVE-2025-29770 | 2025-03-19 | vLLM denial of service via outlines unbounded cache on disk |
| CVE-2025-29783 | 2025-03-19 | vLLM Allows Remote Code Execution via Mooncake Integration |
| CVE-2025-30196 | 2025-03-19 | Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2025-30197 | 2025-03-19 | Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it. |
| CVE-2025-30144 | 2025-03-19 | Fast-JWT Improperly Validates iss Claims |
| CVE-2025-26486 | 2025-03-19 | Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life... |
| CVE-2025-30152 | 2025-03-19 | Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout |
| CVE-2025-30153 | 2025-03-19 | Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter |
| CVE-2024-53970 | 2025-03-19 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-53969 | 2025-03-19 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2024-53968 | 2025-03-19 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2024-53967 | 2025-03-19 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-0431 | 2025-03-19 | Enterprise Protection Backslash URL Rewrite Bypass |
| CVE-2025-29924 | 2025-03-19 | XWiki uses the wrong wiki reference in AuthorizationManager |
| CVE-2025-29925 | 2025-03-19 | XWiki allows unregistered users to access private pages information through REST endpoint |
| CVE-2025-29926 | 2025-03-19 | The WikiManager REST API allows any user to create wikis |
| CVE-2024-25132 | 2025-03-19 | Openshift-dedicated: hive: hibernation controller denial of service |
| CVE-2024-51459 | 2025-03-19 | IBM InfoSphere Server Information command execution |
| CVE-2024-7631 | 2025-03-19 | Openshift-console: openshift console: path traversal |
| CVE-2025-2476 | 2025-03-19 | Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2025-2536 | 2025-03-19 | Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through... |
| CVE-2025-27415 | 2025-03-19 | Nuxt allows DOS via cache poisoning with payload rendering response |
| CVE-2025-27704 | 2025-03-19 | There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system... |
| CVE-2025-27705 | 2025-03-19 | There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system... |
| CVE-2025-27780 | 2025-03-19 | Applio allows unsafe deserialization in model_information.py |
| CVE-2025-27781 | 2025-03-19 | Applio allows unsafe deserialization in inference.py |
| CVE-2025-27785 | 2025-03-19 | Applio allows arbitrary file read in train.py export_index function |
| CVE-2025-27786 | 2025-03-19 | Applio allows arbitrary file removal in core.py |
| CVE-2025-27787 | 2025-03-19 | Applio allows a DoS in restart.py |
| CVE-2025-27784 | 2025-03-19 | Applio allows arbitrary file read in train.py export_pth function |
| CVE-2025-27783 | 2025-03-19 | Applio allows arbitrary file write in train.py |
| CVE-2025-27782 | 2025-03-19 | Applio allows arbitrary file write in inference.py |
| CVE-2025-27779 | 2025-03-19 | Applio allows unsafe deserialization in model_blender.py |
| CVE-2025-27778 | 2025-03-19 | Applio allows unsafe deserialization in infer.py |
| CVE-2025-27777 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
| CVE-2025-27776 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
| CVE-2025-27775 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
| CVE-2025-27774 | 2025-03-19 | Applio allows SSRF and file write in model_download.py |
| CVE-2024-48590 | 2025-03-20 | Inflectra SpiraTeam 7.2.00 is vulnerable to Server-Side Request Forgery (SSRF) via the NewsReaderService. This allows an attacker to escalate privileges and obtain sensitive information. |
| CVE-2024-48591 | 2025-03-20 | Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing. |
| CVE-2024-57440 | 2025-03-20 | D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi |
| CVE-2025-25758 | 2025-03-20 | An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the AndroidManifest.xml |
| CVE-2025-26852 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 allows SQL Injection. |
| CVE-2025-26853 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. |
| CVE-2025-29101 | 2025-03-20 | Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. |
| CVE-2025-29121 | 2025-03-20 | A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow. |
| CVE-2025-29149 | 2025-03-20 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. |
| CVE-2025-29214 | 2025-03-20 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. |
| CVE-2025-29215 | 2025-03-20 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. |
| CVE-2025-29217 | 2025-03-20 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2025-29218 | 2025-03-20 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2025-29410 | 2025-03-20 | A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2025-29411 | 2025-03-20 | An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2025-29412 | 2025-03-20 | A cross-site scripting (XSS) vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload... |
| CVE-2025-1314 | 2025-03-20 | Custom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin Function |
| CVE-2025-1770 | 2025-03-20 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion |