CVE List - 2025 / March
Showing 3401 - 3500 of 4015 CVEs for March 2025 (Page 35 of 41)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53004 | 2025-03-27 | ovl: fix tmpfile leak |
| CVE-2023-53005 | 2025-03-27 | trace_events_hist: add check for return value of 'create_hist_field' |
| CVE-2023-53006 | 2025-03-27 | cifs: Fix oops due to uncleared server->smbd_conn in reconnect |
| CVE-2023-53007 | 2025-03-27 | tracing: Make sure trace_printk() can output as soon as it can be used |
| CVE-2023-53008 | 2025-03-27 | cifs: fix potential memory leaks in session setup |
| CVE-2023-53009 | 2025-03-27 | drm/amdkfd: Add sync after creating vram bo |
| CVE-2023-53010 | 2025-03-27 | bnxt: Do not read past the end of test names |
| CVE-2023-53011 | 2025-03-27 | net: stmmac: enable all safety features by default |
| CVE-2023-53012 | 2025-03-27 | thermal: core: call put_device() only after device_register() fails |
| CVE-2023-53013 | 2025-03-27 | ptdma: pt_core_execute_cmd() should use spinlock |
| CVE-2023-53014 | 2025-03-27 | dmaengine: tegra: Fix memory leak in terminate_all() |
| CVE-2023-53015 | 2025-03-27 | HID: betop: check shape of output reports |
| CVE-2023-53016 | 2025-03-27 | Bluetooth: Fix possible deadlock in rfcomm_sk_state_change |
| CVE-2023-53017 | 2025-03-27 | Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() |
| CVE-2023-53018 | 2025-03-27 | Bluetooth: hci_conn: Fix memory leaks |
| CVE-2023-53019 | 2025-03-27 | net: mdio: validate parameter addr in mdiobus_get_phy() |
| CVE-2023-53020 | 2025-03-27 | l2tp: close all race conditions in l2tp_tunnel_register() |
| CVE-2023-53021 | 2025-03-27 | net/sched: sch_taprio: fix possible use-after-free |
| CVE-2023-53022 | 2025-03-27 | net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() |
| CVE-2023-53023 | 2025-03-27 | net: nfc: Fix use-after-free in local_cleanup() |
| CVE-2023-53024 | 2025-03-27 | bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation |
| CVE-2023-53026 | 2025-03-27 | RDMA/core: Fix ib block iterator counter overflow |
| CVE-2023-53028 | 2025-03-27 | Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" |
| CVE-2023-53029 | 2025-03-27 | octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt |
| CVE-2023-53030 | 2025-03-27 | octeontx2-pf: Avoid use of GFP_KERNEL in atomic context |
| CVE-2023-53031 | 2025-03-27 | powerpc/imc-pmu: Fix use of mutex in IRQs disabled section |
| CVE-2023-53032 | 2025-03-27 | netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. |
| CVE-2023-53033 | 2025-03-27 | netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits |
| CVE-2023-37405 | 2025-03-27 | IBM Cloud Pak System information disclosure |
| CVE-2023-38272 | 2025-03-27 | IBM Cloud Pak System information disclosure |
| CVE-2025-22740 | 2025-03-27 | WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability |
| CVE-2025-22739 | 2025-03-27 | WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability |
| CVE-2025-26956 | 2025-03-27 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-26898 | 2025-03-27 | WordPress Traveler theme <= 3.1.8 - SQL Injection vulnerability |
| CVE-2025-26890 | 2025-03-27 | WordPress HUSKY plugin <= 1.3.6.4 - Local File Inclusion vulnerability |
| CVE-2025-26874 | 2025-03-27 | WordPress MemberSpace plugin <= 2.1.13 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26873 | 2025-03-27 | WordPress Traveler theme < 3.2.1 - PHP Object Injection vulnerability |
| CVE-2025-26733 | 2025-03-27 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-31031 | 2025-03-27 | WordPress Job Colors for WP Job Manager plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2885 | 2025-03-27 | Root metadata version not validated in tough |
| CVE-2025-2886 | 2025-03-27 | Terminating targets role delegations are not respected in tough |
| CVE-2025-2887 | 2025-03-27 | Failure to detect delegated target rollback in tough |
| CVE-2025-2888 | 2025-03-27 | Improper timestamp caching during snapshot rollback in tough |
| CVE-2025-31101 | 2025-03-27 | WordPress VaultRE Contact Form 7 plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2878 | 2025-03-27 | Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting |
| CVE-2025-31092 | 2025-03-27 | WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-24292 | 2025-03-28 | A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component. |
| CVE-2024-38985 | 2025-03-28 | janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or... |
| CVE-2024-38988 | 2025-03-28 | alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of... |
| CVE-2024-48615 | 2025-03-28 | Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8. |
| CVE-2024-56975 | 2025-03-28 | InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller. |
| CVE-2024-57083 | 2025-03-28 | A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. |
| CVE-2024-58128 | 2025-03-28 | In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global... |
| CVE-2024-58129 | 2025-03-28 | In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page. |
| CVE-2024-58130 | 2025-03-28 | In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses. |
| CVE-2025-22953 | 2025-03-28 | A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An... |
| CVE-2025-25579 | 2025-03-28 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. |
| CVE-2025-28087 | 2025-03-28 | Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php. |
| CVE-2025-28089 | 2025-03-28 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function. |
| CVE-2025-28090 | 2025-03-28 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature. |
| CVE-2025-28091 | 2025-03-28 | maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article. |
| CVE-2025-28092 | 2025-03-28 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. |
| CVE-2025-28093 | 2025-03-28 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. |
| CVE-2025-28094 | 2025-03-28 | ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places. |
| CVE-2025-28096 | 2025-03-28 | OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers. |
| CVE-2025-28097 | 2025-03-28 | OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers. |
| CVE-2025-28219 | 2025-03-28 | Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST... |
| CVE-2025-28220 | 2025-03-28 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a... |
| CVE-2025-28221 | 2025-03-28 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a... |
| CVE-2025-28254 | 2025-03-28 | Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions(). |
| CVE-2025-28256 | 2025-03-28 | An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. |
| CVE-2025-31335 | 2025-03-28 | The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures). |
| CVE-2025-1860 | 2025-03-28 | Data::Entropy for Perl uses insecure rand() function for cryptographic functions |
| CVE-2025-24383 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially... |
| CVE-2024-49565 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2024-49564 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2024-49563 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-22398 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially... |
| CVE-2025-24382 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially... |
| CVE-2024-49601 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially... |
| CVE-2025-24385 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-23383 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2024-13939 | 2025-03-28 | String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string |
| CVE-2025-24380 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-24379 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-24378 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-24377 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-24386 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could... |
| CVE-2025-24381 | 2025-03-28 | Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a... |
| CVE-2025-2894 | 2025-03-28 | Unitree Go1 Robot Dog Backdoor Control Channel |
| CVE-2025-2294 | 2025-03-28 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion |
| CVE-2025-2804 | 2025-03-28 | tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' |
| CVE-2025-2027 | 2025-03-28 | A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash... |
| CVE-2025-1762 | 2025-03-28 | Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF |
| CVE-2025-2328 | 2025-03-28 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-2485 | 2025-03-28 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion |
| CVE-2025-2578 | 2025-03-28 | Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure |
| CVE-2025-2074 | 2025-03-28 | Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter |
| CVE-2025-27567 | 2025-03-28 | Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser... |
| CVE-2025-27574 | 2025-03-28 | Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web... |