CVE List - 2025 / March
Showing 2701 - 2800 of 4015 CVEs for March 2025 (Page 28 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-30587 | 2025-03-24 | WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30588 | 2025-03-24 | WordPress Map Contact plugin <= 3.0.4 - CSRF to Stored XSS Vulnerability |
| CVE-2025-30590 | 2025-03-24 | WordPress Flickr set slideshows - <= <= 0.9 SQL Injection Vulnerability |
| CVE-2025-30591 | 2025-03-24 | WordPress Music Press Pro - <= <= 1.4.6 Broken Access Control Vulnerability |
| CVE-2025-30592 | 2025-03-24 | WordPress Advanced Dewplayer - <= <= 1.6 Broken Access Control Vulnerability |
| CVE-2025-30593 | 2025-03-24 | WordPress Include URL - <= <= 0.3.5 Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30595 | 2025-03-24 | WordPress include-file - <= <= 1 Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30597 | 2025-03-24 | WordPress IG Shortcodes - <= <= 3.1 Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30598 | 2025-03-24 | WordPress OSS Upload - <= <= 4.8.9 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30599 | 2025-03-24 | WordPress WP Parallax Content Slider plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30600 | 2025-03-24 | WordPress WP Hotjar plugin <= 0.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30601 | 2025-03-24 | WordPress Flipdish Ordering System plugin <= 1.4.16 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-30602 | 2025-03-24 | WordPress Related Posts via Categories plugin <= 2.1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-30603 | 2025-03-24 | WordPress CopyLink plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-30604 | 2025-03-24 | WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability |
| CVE-2025-30605 | 2025-03-24 | WordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerability |
| CVE-2025-30606 | 2025-03-24 | WordPress Easy Page Transition plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30608 | 2025-03-24 | WordPress WordPress SQL Backup - <= <= 3.5.2 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30609 | 2025-03-24 | WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability |
| CVE-2025-30610 | 2025-03-24 | WordPress WP Social Widget - <= <= 2.2.6 Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30612 | 2025-03-24 | WordPress Replace Default Words plugin <= 1.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-30615 | 2025-03-24 | WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability |
| CVE-2025-30617 | 2025-03-24 | WordPress Rewrite - <= <= 0.2.1 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30619 | 2025-03-24 | WordPress SpeakPipe - <= <= 0.2 Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-30620 | 2025-03-24 | WordPress WP Odoo Form Integrator plugin <=1.1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-30621 | 2025-03-24 | WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-30623 | 2025-03-24 | WordPress wA11y – The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-1558 | 2025-03-24 | Denial of Service Via Malicious GIF |
| CVE-2021-26105 | 2025-03-24 | A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code... |
| CVE-2025-0256 | 2025-03-24 | HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure |
| CVE-2021-26091 | 2025-03-24 | A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow... |
| CVE-2023-25610 | 2025-03-24 | A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below,... |
| CVE-2025-23204 | 2025-03-24 | GraphQl securityAfterResolver not called |
| CVE-2025-2705 | 2025-03-24 | Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload |
| CVE-2024-9103 | 2025-03-24 | Persistent XSS in blocked messages |
| CVE-2025-0255 | 2025-03-24 | HCL DevOps Deploy / HCL Launch is susceptible to command injection vulnerability |
| CVE-2025-29778 | 2025-03-24 | Kyverno ignores subjectRegExp and IssuerRegExp |
| CVE-2025-30205 | 2025-03-24 | kanidm-provision leaks provisioned admin credentials into the system log |
| CVE-2025-30208 | 2025-03-24 | Vite bypasses server.fs.deny when using `?raw??` |
| CVE-2025-22223 | 2025-03-24 | Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are... |
| CVE-2025-2746 | 2025-03-24 | Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass |
| CVE-2025-2747 | 2025-03-24 | Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass |
| CVE-2025-2749 | 2025-03-24 | Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE |
| CVE-2025-2748 | 2025-03-24 | Kentico Xperience stored cross-site scripting in multiple-file upload functionality |
| CVE-2025-2706 | 2025-03-24 | Digiwin ERP UploadAjaxAPI.ashx unrestricted upload |
| CVE-2025-30162 | 2025-03-24 | East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers |
| CVE-2025-30163 | 2025-03-24 | Node based network policies may incorrectly allow workload traffic |
| CVE-2025-2707 | 2025-03-24 | zhijiantianya ruoyi-vue-pro Front-End Store Interface upload path traversal |
| CVE-2025-2708 | 2025-03-24 | zhijiantianya ruoyi-vue-pro Backend File Upload Interface upload path traversal |
| CVE-2025-2231 | 2025-03-24 | PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2025-2709 | 2025-03-24 | Yonyou UFIDA ERP-NC login.jsp cross site scripting |
| CVE-2025-2710 | 2025-03-24 | Yonyou UFIDA ERP-NC menu.jsp cross site scripting |
| CVE-2025-2711 | 2025-03-24 | Yonyou UFIDA ERP-NC systop.jsp cross site scripting |
| CVE-2025-2712 | 2025-03-24 | Yonyou UFIDA ERP-NC top.jsp cross site scripting |
| CVE-2025-2714 | 2025-03-24 | JoomlaUX JUX Real Estate addagent cross site scripting |
| CVE-2025-26512 | 2025-03-24 | CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter |
| CVE-2025-2715 | 2025-03-24 | timschofield webERP Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php cross site scripting |
| CVE-2025-2716 | 2025-03-24 | China Mobile P22g-CIac Samba Path path traversal |
| CVE-2025-1974 | 2025-03-24 | ingress-nginx admission controller RCE escalation |
| CVE-2025-1097 | 2025-03-24 | ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation |
| CVE-2025-1098 | 2025-03-24 | ingress-nginx controller - configuration injection via unsanitized mirror annotations |
| CVE-2025-24513 | 2025-03-24 | ingress-nginx controller - auth secret file path traversal vulnerability |
| CVE-2025-24514 | 2025-03-24 | ingress-nginx controller - configuration injection via unsanitized auth-url annotation |
| CVE-2025-2717 | 2025-03-24 | D-Link DIR-823X HTTP POST Request diag_nslookup sub_41710C os command injection |
| CVE-2024-42533 | 2025-03-25 | SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter. |
| CVE-2024-44903 | 2025-03-25 | SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement,... |
| CVE-2024-48818 | 2025-03-25 | An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code. |
| CVE-2024-55028 | 2025-03-25 | A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. |
| CVE-2024-55029 | 2025-03-25 | NASA Fprime v3.4.3 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. |
| CVE-2024-55030 | 2025-03-25 | A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. |
| CVE-2025-25371 | 2025-03-25 | NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. |
| CVE-2025-25372 | 2025-03-25 | NASA cFS (Core Flight System) Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module. |
| CVE-2025-25373 | 2025-03-25 | The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. |
| CVE-2025-25374 | 2025-03-25 | In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform... |
| CVE-2025-27809 | 2025-03-25 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname. |
| CVE-2025-27810 | 2025-03-25 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading... |
| CVE-2025-27830 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. |
| CVE-2025-27831 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. |
| CVE-2025-27832 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. |
| CVE-2025-27833 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. |
| CVE-2025-27834 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. |
| CVE-2025-27835 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. |
| CVE-2025-27836 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. |
| CVE-2025-27837 | 2025-03-25 | An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. |
| CVE-2025-29635 | 2025-03-25 | A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the... |
| CVE-2025-30091 | 2025-03-25 | In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand... |
| CVE-2025-30118 | 2025-03-25 | An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not... |
| CVE-2025-30741 | 2025-03-25 | Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers... |
| CVE-2025-2725 | 2025-03-25 | H3C Magic BE18000 HTTP POST Request auth command injection |
| CVE-2025-2726 | 2025-03-25 | H3C Magic BE18000 HTTP POST Request esps command injection |
| CVE-2025-2727 | 2025-03-25 | H3C Magic NX30 Pro HTTP POST Request getNetworkStatus command injection |
| CVE-2025-2728 | 2025-03-25 | H3C Magic NX30 Pro/Magic NX400 getNetworkConf command injection |
| CVE-2025-2729 | 2025-03-25 | H3C Magic BE18000 HTTP POST Request networkSetup command injection |
| CVE-2025-2730 | 2025-03-25 | H3C Magic BE18000 HTTP POST Request getssidname command injection |
| CVE-2025-2731 | 2025-03-25 | H3C Magic BE18000 HTTP POST Request getDualbandSync command injection |
| CVE-2025-2732 | 2025-03-25 | H3C Magic BE18000 HTTP POST Request getWifiNeighbour command injection |
| CVE-2024-8313 | 2025-03-25 | Default or Guessable SNMP community names in B&R APROL |
| CVE-2024-8314 | 2025-03-25 | Improper session handling in B&R APROL |
| CVE-2025-2733 | 2025-03-25 | mannaandpoem OpenManus Prompt python_execute.py os command injection |
| CVE-2025-2734 | 2025-03-25 | PHPGurukul Old Age Home Management System aboutus.php sql injection |