CVE List - 2025 / March
Showing 2801 - 2900 of 4018 CVEs for March 2025 (Page 29 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2025-2734 | 2025-03-25 | PHPGurukul Old Age Home Management System aboutus.php sql injection |
CVE-2024-8315 | 2025-03-25 | Improper Handling of Insufficient Permissions or Privileges in B&R APROL |
CVE-2024-10206 | 2025-03-25 | Server-Side Request Forgery (unauthenticated) in APROL Web Portal |
CVE-2024-10207 | 2025-03-25 | Server-Side Request Forgery (authenticated) in APROL Web Portal |
CVE-2024-10208 | 2025-03-25 | Cross Site Scripting vulnerability in APROL Web Portal |
CVE-2024-10209 | 2025-03-25 | Incorrect Permission Assignment in APROL file system |
CVE-2024-45480 | 2025-03-25 | Unauthorized local file reading in B&R APROL |
CVE-2024-45481 | 2025-03-25 | Improper authentication in SSH of B&R APROL |
CVE-2024-45482 | 2025-03-25 | Privilege escalation in B&R APROL |
CVE-2024-45483 | 2025-03-25 | Missing GRUB password in B&R APROL |
CVE-2024-45484 | 2025-03-25 | Enabled ICMP redirection in B&R APROL |
CVE-2025-2735 | 2025-03-25 | PHPGurukul Old Age Home Management System add-services.php sql injection |
CVE-2025-2736 | 2025-03-25 | PHPGurukul Old Age Home Management System bwdates-report-details.php sql injection |
CVE-2025-0845 | 2025-03-25 | DesignThemes Core Features <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2025-2224 | 2025-03-25 | Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing |
CVE-2025-2737 | 2025-03-25 | PHPGurukul Old Age Home Management System contactus.php sql injection |
CVE-2024-10210 | 2025-03-25 | Path traversal in APROL Web Portal |
CVE-2024-10105 | 2025-03-25 | Jobs for WordPress < 2.7.11 - Contributor+ Stored XSS |
CVE-2024-10472 | 2025-03-25 | Stylish Price List < 7.1.12 - Contributor+ Stored XSS |
CVE-2024-10554 | 2025-03-25 | WP-Advanced-Search < 3.3.9.3 - Admin+ Stored XSS |
CVE-2024-10560 | 2025-03-25 | Form Maker by 10Web < 1.15.30 - Admin+ Stored XSS |
CVE-2025-2738 | 2025-03-25 | PHPGurukul Old Age Home Management System manage-scdetails.php sql injection |
CVE-2024-10565 | 2025-03-25 | Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget |
CVE-2024-10566 | 2025-03-25 | Slider by 10Web < 1.2.62 - Contributor+ Stored XSS |
CVE-2024-10638 | 2025-03-25 | Product Labels For Woocommerce < 1.5.11 - Admin+ SQLi |
CVE-2024-10679 | 2025-03-25 | Quiz and Survey Master (QSM) < 9.2.1 - Author+ Stored XSS |
CVE-2024-10703 | 2025-03-25 | Registrations for The Events Calendar < 2.13.4 - Admin+ Stored XSS |
CVE-2024-11272 | 2025-03-25 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS |
CVE-2024-11273 | 2025-03-25 | Contact Form & SMTP Plugin for WordPress by PirateForms < 2.6.0 - Admin+ Stored XSS |
CVE-2024-11503 | 2025-03-25 | WP Tabs < 2.2.7 - Admin+ Stored XSS |
CVE-2024-12109 | 2025-03-25 | Product Labels For Woocommerce < 1.5.9 - Admin+ SQLi |
CVE-2025-2739 | 2025-03-25 | PHPGurukul Old Age Home Management System manage-services.php sql injection |
CVE-2024-12682 | 2025-03-25 | Smart Maintenance Mode < 1.5.2 - Admin+ Stored XSS |
CVE-2024-12769 | 2025-03-25 | Simple Banner < 3.0.4 - Admin+ Stored XSS |
CVE-2024-13118 | 2025-03-25 | IP Based Login < 2.4.1 - Log Deletion via CSRF |
CVE-2024-13122 | 2025-03-25 | AFI < 1.100.0 - Admin+ Stored XSS |
CVE-2024-13123 | 2025-03-25 | AFI < 1.100.0 - Admin+ Stored XSS |
CVE-2024-13617 | 2025-03-25 | Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated Arbitrary File Download |
CVE-2024-13618 | 2025-03-25 | Downloable by American Osteopathic Association <= 0.1.0 - Unauthenticated SSRF |
CVE-2024-13863 | 2025-03-25 | Stylish Google Sheet Reader < 4.1 - Reflected XSS |
CVE-2024-9770 | 2025-03-25 | WP-Recall < 16.26.12 - Admin+ SQL Injection |
CVE-2025-0717 | 2025-03-25 | Social Slider Feed < 2.2.9 - Admin+ Stored XSS |
CVE-2025-1452 | 2025-03-25 | Favorites < 2.3.5 - Admin+ Stored XSS |
CVE-2025-1798 | 2025-03-25 | Design Comuni Italia < 1.1.2 - Unauthenticated Stored XSS |
CVE-2025-2740 | 2025-03-25 | PHPGurukul Old Age Home Management System eligibility.php sql injection |
CVE-2025-2742 | 2025-03-25 | zhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversal |
CVE-2025-2743 | 2025-03-25 | zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal |
CVE-2025-2744 | 2025-03-25 | zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal |
CVE-2025-2252 | 2025-03-25 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure |
CVE-2025-1320 | 2025-03-25 | teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete |
CVE-2024-12623 | 2025-03-25 | DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-2750 | 2025-03-25 | Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds write |
CVE-2025-2751 | 2025-03-25 | Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds |
CVE-2025-2752 | 2025-03-25 | Open Asset Import Library Assimp CSM File fast_atof.h fast_atoreal_move out-of-bounds |
CVE-2025-2559 | 2025-03-25 | Org.keycloak/keycloak-services: jwt token cache exhaustion leading to denial of service (dos) in keycloak |
CVE-2025-2510 | 2025-03-25 | Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter |
CVE-2024-13710 | 2025-03-25 | Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update |
CVE-2024-13731 | 2025-03-25 | Alert Box Block – Display notice/alerts in the front end <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block |
CVE-2024-13690 | 2025-03-25 | WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting |
CVE-2025-2319 | 2025-03-25 | EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution |
CVE-2025-2753 | 2025-03-25 | Open Asset Import Library Assimp LWS File LWSLoader.cpp MergeScenes out-of-bounds |
CVE-2025-2754 | 2025-03-25 | Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow |
CVE-2025-2755 | 2025-03-25 | Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection out-of-bounds |
CVE-2025-2542 | 2025-03-25 | Your Simple SVG Support <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2025-2635 | 2025-03-25 | Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function |
CVE-2025-2756 | 2025-03-25 | Open Asset Import Library Assimp AC3D File ACLoader.cpp ConvertObjectSection heap-based overflow |
CVE-2025-2757 | 2025-03-25 | Open Asset Import Library Assimp MD5 File MD5Parser.cpp AI_MD5_PARSE_STRING_IN_QUOTATION heap-based overflow |
CVE-2024-53678 | 2025-03-25 | Apache VCL: SQL injection vulnerability in New Block Allocation form |
CVE-2024-53679 | 2025-03-25 | Apache VCL: XSS vulnerability in User Lookup impacting user privileges |
CVE-2025-2109 | 2025-03-25 | WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function |
CVE-2024-10037 | 2025-03-25 | A vulnerability exists in the RTU500 web server component that... |
CVE-2022-1804 | 2025-03-25 | Accountsservice incorrectly drops privileges |
CVE-2024-11499 | 2025-03-25 | A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality,... |
CVE-2024-12169 | 2025-03-25 | A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality... |
CVE-2025-27632 | 2025-03-25 | A Host Header Injection vulnerability in TRMTracker application may allow... |
CVE-2025-1445 | 2025-03-25 | A vulnerability exists in RTU IEC 61850 client and server... |
CVE-2025-27633 | 2025-03-25 | The TRMTracker web application is vulnerable to reflected Cross-site scripting... |
CVE-2025-29932 | 2025-03-25 | In JetBrains GoLand before 2025.1 an XXE during debugging was... |
CVE-2025-27631 | 2025-03-25 | The TRMTracker web application is vulnerable to LDAP injection attack... |
CVE-2025-22230 | 2025-03-25 | Authentication bypass vulnerability |
CVE-2024-55604 | 2025-03-25 | Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources |
CVE-2025-2530 | 2025-03-25 | Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability |
CVE-2025-2531 | 2025-03-25 | Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2025-2532 | 2025-03-25 | Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability |
CVE-2025-30212 | 2025-03-25 | Frappe has possibility of SQL injection due to improper validations |
CVE-2025-27147 | 2025-03-25 | GLPI Inventory plugin has Improper Access Control Vulnerability |
CVE-2025-26742 | 2025-03-25 | WordPress Gallery for Social Photo plugin <= 1.0.0.35 - Cross Site Scripting (XSS) vulnerability |
CVE-2025-30213 | 2025-03-25 | Frappe has Possibility of Remote Code Execution due to improper validation |
CVE-2025-30214 | 2025-03-25 | Frappe vulnerable to information disclosure leading to account takeover |
CVE-2024-58104 | 2025-03-25 | A vulnerability in the Trend Micro Apex One Security Agent... |
CVE-2024-58105 | 2025-03-25 | A vulnerability in the Trend Micro Apex One Security Agent... |
CVE-2025-2312 | 2025-03-25 | cifs.upcall makes an upcall to the wrong namespace in containerized environments |
CVE-2025-28904 | 2025-03-25 | WordPress Web Directory Free plugin <= 1.7.6 - SQL Injection vulnerability |
CVE-2025-30567 | 2025-03-25 | WordPress WP01 <= 2.6.2 - Arbitrary File Download Vulnerability |
CVE-2024-31896 | 2025-03-25 | IBM SPSS Statistics information disclosure |
CVE-2025-30216 | 2025-03-25 | CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length |
CVE-2025-29789 | 2025-03-25 | OpenEMR Has Directory Traversal in Load Code feature |
CVE-2025-30219 | 2025-03-25 | RabbitMQ has XSS Vulnerability in an Error Message in Management UI |
CVE-2025-30222 | 2025-03-25 | Shescape has potential environment variable exposure on Windows with CMD |
CVE-2024-47516 | 2025-03-25 | Pagure: argument injection in pagurerepo.log() |