Lista CVE - 2025 / Marzo
Visualizzazione 3601 - 3700 di 4015 CVE per Marzo 2025 (Pagina 37 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-2919 | 2025-03-28 | Netis WF-2404 UART hardware allows activation of test or debug logic at runtime |
| CVE-2025-2920 | 2025-03-28 | Netis WF-2404 passwd weak hash |
| CVE-2025-2921 | 2025-03-28 | Netis WF-2404 passwd default password |
| CVE-2025-31164 | 2025-03-28 | fig2dev heap-buffer overflow |
| CVE-2025-31163 | 2025-03-28 | fig2dev segmentation fault |
| CVE-2025-31162 | 2025-03-28 | fig2dev float point exception |
| CVE-2025-2922 | 2025-03-28 | Netis WF-2404 BusyBox Shell cleartext storage |
| CVE-2025-2923 | 2025-03-28 | HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow |
| CVE-2025-2924 | 2025-03-28 | HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow |
| CVE-2025-2925 | 2025-03-28 | HDF5 H5MM.c H5MM_realloc double free |
| CVE-2025-2926 | 2025-03-28 | HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference |
| CVE-2025-2927 | 2025-03-28 | ESAFENET CDG getFileTypeList.jsp sql injection |
| CVE-2024-6875 | 2025-03-28 | Infinispan: infinispan: rest compare api has buffer leak |
| CVE-2025-2781 | 2025-03-28 | WatchGuard Mobile VPN with SSL Local Privilege Escalation via Non-Standard Installation Directory |
| CVE-2025-2782 | 2025-03-28 | WatchGuard Terminal Services Agent Local Privilege Escalation via Non-Standard Installation Directory |
| CVE-2024-43186 | 2025-03-28 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-7577 | 2025-03-28 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-51477 | 2025-03-28 | IBM InfoSphere Information Server information disclosure |
| CVE-2025-1217 | 2025-03-29 | Header parser of http stream wrapper does not handle folded headers |
| CVE-2025-2840 | 2025-03-29 | DAP to Autoresponders Email Syncing <= 1.0 - Unauthenticated Information Exposure |
| CVE-2025-2803 | 2025-03-29 | So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-2266 | 2025-03-29 | Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update |
| CVE-2025-2006 | 2025-03-29 | Inline Image Upload for BBPress <= 1.1.19 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-13557 | 2025-03-29 | Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-2249 | 2025-03-29 | SoJ Soundslides <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-11180 | 2025-03-29 | ElementsKit Elementor addons <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-55895 | 2025-03-29 | IBM InfoSphere Information Server information disclosure |
| CVE-2025-1219 | 2025-03-30 | libxml streams use wrong content-type header when requesting a redirected resource |
| CVE-2025-1734 | 2025-03-30 | Streams HTTP wrapper does not fail for headers with invalid name and no colon |
| CVE-2025-1736 | 2025-03-30 | Stream HTTP wrapper header check might omit basic auth header |
| CVE-2025-1861 | 2025-03-30 | Stream HTTP wrapper truncates redirect location to 1024 bytes |
| CVE-2025-2951 | 2025-03-30 | Bluestar Micro Mall data.php sql injection |
| CVE-2025-2952 | 2025-03-30 | Bluestar Micro Mall api.php unrestricted upload |
| CVE-2025-2953 | 2025-03-30 | PyTorch torch.mkldnn_max_pool2d denial of service |
| CVE-2025-2954 | 2025-03-30 | mannaandpoem OpenManus File file_saver.py execute access control |
| CVE-2025-2955 | 2025-03-30 | TOTOLINK A3000RU IBMS Configuration File ExportIbmsConfig.sh access control |
| CVE-2025-2956 | 2025-03-30 | TRENDnet TI-G102i HTTP Request lighttpd plugins_call_handle_uri_raw null pointer dereference |
| CVE-2025-2957 | 2025-03-30 | TRENDnet TEW-411BRP+ HTTP Request httpd sub_401DB0 null pointer dereference |
| CVE-2025-2958 | 2025-03-30 | TRENDnet TEW-818DRU HTTP Request httpd denial of service |
| CVE-2025-2959 | 2025-03-30 | TRENDnet TEW-410APB HTTP Request httpd sub_4019A0 null pointer dereference |
| CVE-2025-2960 | 2025-03-30 | TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference |
| CVE-2024-13804 | 2025-03-30 | Unauthenticated RCE in HPE Insight Cluster Management Utility |
| CVE-2025-2961 | 2025-03-30 | opensolon org.noear.solon.core.handle.RenderManager aa render_mav path traversal |
| CVE-2024-54802 | 2025-03-31 | In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. |
| CVE-2024-54803 | 2025-03-31 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This... |
| CVE-2024-54804 | 2025-03-31 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This... |
| CVE-2024-54805 | 2025-03-31 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit... |
| CVE-2024-54806 | 2025-03-31 | Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. |
| CVE-2024-54807 | 2025-03-31 | In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system... |
| CVE-2024-54808 | 2025-03-31 | Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program... |
| CVE-2024-54809 | 2025-03-31 | Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is... |
| CVE-2024-55093 | 2025-03-31 | phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts. |
| CVE-2025-22937 | 2025-03-31 | An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. |
| CVE-2025-22938 | 2025-03-31 | Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords. |
| CVE-2025-22939 | 2025-03-31 | A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. |
| CVE-2025-22940 | 2025-03-31 | Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password. |
| CVE-2025-22941 | 2025-03-31 | A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. |
| CVE-2025-29266 | 2025-03-31 | Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use... |
| CVE-2025-30095 | 2025-03-31 | VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker... |
| CVE-2025-1268 | 2025-03-31 | Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer... |
| CVE-2025-2973 | 2025-03-31 | code-projects College Management System student.php unrestricted upload |
| CVE-2025-3011 | 2025-03-31 | PiExtract SOOP-CLM - SQL Injection |
| CVE-2025-2974 | 2025-03-31 | CodeCanyon Perfex CRM Contracts contract cross site scripting |
| CVE-2025-3013 | 2025-03-31 | Insecure direct object references (IDOR) in NightWolf Penetration Platform |
| CVE-2025-3014 | 2025-03-31 | Insecure direct object references (IDOR) in NightWolf Penetration Platform |
| CVE-2025-2975 | 2025-03-31 | GFI KerioConnect Signature EditHtmlSource cross site scripting |
| CVE-2025-2976 | 2025-03-31 | GFI KerioConnect File Upload cross site scripting |
| CVE-2025-24517 | 2025-03-31 | Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication. |
| CVE-2025-24852 | 2025-03-31 | Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used... |
| CVE-2025-25211 | 2025-03-31 | Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. |
| CVE-2025-26689 | 2025-03-31 | Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data... |
| CVE-2025-31103 | 2025-03-31 | Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to... |
| CVE-2025-2977 | 2025-03-31 | GFI KerioConnect PDF File cross site scripting |
| CVE-2025-2978 | 2025-03-31 | WCMS Article Publishing Page CKEditor unrestricted upload |
| CVE-2025-0613 | 2025-03-31 | Photo Gallery < 1.8.34 - Unauthenticated Stored XSS |
| CVE-2025-2979 | 2025-03-31 | WCMS Registration setregister cross site scripting |
| CVE-2025-31043 | 2025-03-31 | WordPress JetSearch plugin <= 3.5.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31417 | 2025-03-31 | WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability |
| CVE-2025-30835 | 2025-03-31 | WordPress Accounting for WooCommerce plugin <= 1.6.8 - Local File Inclusion vulnerability |
| CVE-2025-30855 | 2025-03-31 | WordPress Ads by WPQuads plugin <= 2.0.87.1 - Broken Access Control Vulnerability |
| CVE-2025-30987 | 2025-03-31 | WordPress JetBlocks For Elementor plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31016 | 2025-03-31 | WordPress JetWooBuilder plugin <= 2.1.18 - Local File Inclusion vulnerability |
| CVE-2025-31387 | 2025-03-31 | WordPress InstaWP Connect plugin <= 0.1.0.82 - Local File Inclusion vulnerability |
| CVE-2025-31412 | 2025-03-31 | WordPress JetProductGallery plugin <= 2.1.22 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31414 | 2025-03-31 | WordPress Cost Calculator Builder plugin <= 3.2.65 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2402 | 2025-03-31 | Hard-coded password for object store of KNIME Business Hub |
| CVE-2025-2980 | 2025-03-31 | Legrand SMS PowerView redirect |
| CVE-2025-3019 | 2025-03-31 | Cross-site scripting vulnerabilities in KNIME Business Hub web pages |
| CVE-2025-2981 | 2025-03-31 | Legrand SMS PowerView cross site scripting |
| CVE-2025-2982 | 2025-03-31 | Legrand SMS PowerView file inclusion |
| CVE-2025-2983 | 2025-03-31 | Legrand SMS PowerView os command injection |
| CVE-2025-31410 | 2025-03-31 | WordPress WP Church Donation plugin <= 1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-2984 | 2025-03-31 | code-projects Payroll Management System delete.php sql injection |
| CVE-2025-2071 | 2025-03-31 | OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI |
| CVE-2025-2072 | 2025-03-31 | Reflected Cross-Site Scripting (XSS) Vulnerability in FAST LTA Silent Brick WebUI |
| CVE-2025-31406 | 2025-03-31 | WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-2985 | 2025-03-31 | code-projects Payroll Management System update_account.php sql injection |
| CVE-2025-30961 | 2025-03-31 | WordPress Trackserver plugin <= 5.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-2989 | 2025-03-31 | Tenda FH1202 Web Management Interface AdvSetWrl access control |
| CVE-2025-31386 | 2025-03-31 | WordPress Simple:Press plugin <= 6.10.11 - Broken Access Control vulnerability |