CVE List - 2025 / March
Showing 401 - 500 of 4015 CVEs for March 2025 (Page 5 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-51945 | 2025-03-03 | Stored XSS issues in Server Admin API |
| CVE-2024-51946 | 2025-03-03 | Stored XSS in Rest Services Directory under Identify operation |
| CVE-2024-51947 | 2025-03-03 | Stored XSS vulnerability in Rest Services under Layer name |
| CVE-2024-51948 | 2025-03-03 | Stored XSS vulnerability in Rest Services under Job ID |
| CVE-2024-51949 | 2025-03-03 | Stored XSS vulnerability in Rest Services under OGCFeature Service and Map Service |
| CVE-2024-51950 | 2025-03-03 | Stored XSS in Server Admin under Services > lifecycleinfos |
| CVE-2024-51951 | 2025-03-03 | Stored XSS in Server Admin API |
| CVE-2024-51952 | 2025-03-03 | Stored XSS issue in ArcGIS Server |
| CVE-2024-51953 | 2025-03-03 | Stored XSS in ArcGIS Server Rest services |
| CVE-2024-51954 | 2025-03-03 | Unauthorized access to secure services in ArcGIS Server |
| CVE-2024-51956 | 2025-03-03 | Stored XSS vulnerability in ArcGIS Server Administrator Directory |
| CVE-2024-51957 | 2025-03-03 | Stored XSS vulnerability in ArcGIS Rest Services Directory |
| CVE-2024-51958 | 2025-03-03 | Directory traversal vulnerability in the admin api for service thumbnails |
| CVE-2024-51959 | 2025-03-03 | Stored XSS issue in Server Admin API |
| CVE-2024-51960 | 2025-03-03 | Stored XSS in ArcGIS Server Administrator Directory |
| CVE-2024-51961 | 2025-03-03 | Local file inclusion (LFI) vulnerability in ArcGIS Server |
| CVE-2024-51962 | 2025-03-03 | SQL injection vulnerability in ArcGIS Server |
| CVE-2024-51963 | 2025-03-03 | Stored XSS in ArcGIS Server Manager |
| CVE-2024-51966 | 2025-03-03 | Directory traversal vulnerability in ArcGIS Server |
| CVE-2025-1880 | 2025-03-03 | i-Drive i11/i12 Device Pairing authentication bypass |
| CVE-2025-1881 | 2025-03-03 | i-Drive i11/i12 Video Footage/Live Video Stream access control |
| CVE-2025-1882 | 2025-03-03 | i-Drive i11/i12 Device Setting improper access control for register interface |
| CVE-2025-1890 | 2025-03-03 | shishuocms ManageUpLoadAction.java handleRequest unrestricted upload |
| CVE-2025-1891 | 2025-03-03 | shishuocms cross-site request forgery |
| CVE-2020-23438 | 2025-03-04 | Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation. |
| CVE-2021-41719 | 2025-03-04 | Maharashtra State Electricity Distribution Company Limited Mahavitran IOS Application 16.1 application till version 16.1 communicates using the GET method to process requests that contain sensitive information such as user account... |
| CVE-2024-48248 | 2025-03-04 | NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has... |
| CVE-2024-50704 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. |
| CVE-2024-50705 | 2025-03-04 | Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. |
| CVE-2024-50706 | 2025-03-04 | Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database. |
| CVE-2024-50707 | 2025-03-04 | Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. |
| CVE-2025-25426 | 2025-03-04 | yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface. |
| CVE-2025-26091 | 2025-03-04 | A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by... |
| CVE-2025-26136 | 2025-03-04 | A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. |
| CVE-2025-26182 | 2025-03-04 | An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file |
| CVE-2025-26202 | 2025-03-04 | Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious... |
| CVE-2025-26318 | 2025-03-04 | hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application. |
| CVE-2025-26319 | 2025-03-04 | FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. |
| CVE-2025-26320 | 2025-03-04 | t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. |
| CVE-2025-26849 | 2025-03-04 | There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall... |
| CVE-2025-1892 | 2025-03-04 | shishuocms Directory Deletion Page add.json cross site scripting |
| CVE-2025-1893 | 2025-03-04 | Open5GS AMF gmm-sm.c gmm_state_authentication denial of service |
| CVE-2025-1695 | 2025-03-04 | NGINX Unit Java Vulnerability |
| CVE-2025-1894 | 2025-03-04 | PHPGurukul Restaurant Table Booking System search-result.php sql injection |
| CVE-2025-1895 | 2025-03-04 | Tenda TX3 setMacFilterCfg buffer overflow |
| CVE-2025-1896 | 2025-03-04 | Tenda TX3 SetStaticRouteCfg buffer overflow |
| CVE-2025-1897 | 2025-03-04 | Tenda TX3 SetNetControlList buffer overflow |
| CVE-2025-1898 | 2025-03-04 | Tenda TX3 openSchedWifi buffer overflow |
| CVE-2025-1899 | 2025-03-04 | Tenda TX3 setPptpUserList buffer overflow |
| CVE-2025-1900 | 2025-03-04 | PHPGurukul Restaurant Table Booking System add-table.php sql injection |
| CVE-2025-1901 | 2025-03-04 | PHPGurukul Restaurant Table Booking System check_availability.php sql injection |
| CVE-2024-13686 | 2025-03-04 | VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset |
| CVE-2025-0912 | 2025-03-04 | GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection |
| CVE-2025-1321 | 2025-03-04 | teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-1639 | 2025-03-04 | Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
| CVE-2025-0587 | 2025-03-04 | Arkcompiler Ets Runtime has an integer overflow vulnerability |
| CVE-2025-20011 | 2025-03-04 | Communication Dsoftbus has a memory leak vulnerability |
| CVE-2025-20021 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2025-20024 | 2025-03-04 | Arkcompiler Ets Runtime has an integer overflow vulnerability |
| CVE-2025-20042 | 2025-03-04 | Liteos-A has an out of bounds read vulnerability |
| CVE-2025-20081 | 2025-03-04 | Communication Dsoftbus has an UAF vulnerability |
| CVE-2025-20091 | 2025-03-04 | Communication Dsoftbus has an UAF vulnerability |
| CVE-2025-20626 | 2025-03-04 | Arkcompiler Ets Runtime has an UAF vulnerability |
| CVE-2025-21084 | 2025-03-04 | Arkcompiler Ets Runtime has an NULL pointer dereference vulnerability |
| CVE-2025-21089 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2025-21097 | 2025-03-04 | Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability |
| CVE-2025-21098 | 2025-03-04 | Liteos-A has an insecure storage of sensitive information vulnerability |
| CVE-2025-22443 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2025-22835 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2025-22837 | 2025-03-04 | Arkcompiler Ets Runtime has a NULL pointer dereference vulnerability |
| CVE-2025-22841 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2025-22847 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2025-22897 | 2025-03-04 | Arkcompiler Ets Runtime has a buffer overflow vulnerability |
| CVE-2025-23234 | 2025-03-04 | Arkcompiler Ets Runtime has a buffer overflow vulnerability |
| CVE-2025-23240 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2025-23409 | 2025-03-04 | Communication Dsoftbus has an UAF vulnerability |
| CVE-2025-23414 | 2025-03-04 | Arkcompiler Ets Runtime has an UAF vulnerability |
| CVE-2025-23418 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2025-23420 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2025-24301 | 2025-03-04 | Arkcompiler Ets Runtime has an UAF vulnerability |
| CVE-2025-24309 | 2025-03-04 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2025-1902 | 2025-03-04 | PHPGurukul Student Record System password-recovery.php sql injection |
| CVE-2025-1903 | 2025-03-04 | Codezips Online Shopping Website cart_add.php sql injection |
| CVE-2025-1306 | 2025-03-04 | Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2025-1307 | 2025-03-04 | Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-1904 | 2025-03-04 | code-projects Blood Bank System A+.php cross site scripting |
| CVE-2025-1905 | 2025-03-04 | SourceCodester Employee Management System employee.php cross site scripting |
| CVE-2025-1906 | 2025-03-04 | PHPGurukul Restaurant Table Booking System profile.php sql injection |
| CVE-2024-47259 | 2025-03-04 | Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading... |
| CVE-2024-47260 | 2025-03-04 | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then... |
| CVE-2024-47262 | 2025-03-04 | Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block... |
| CVE-2025-0359 | 2025-03-04 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the... |
| CVE-2025-0360 | 2025-03-04 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level... |
| CVE-2024-13685 | 2025-03-04 | Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing |
| CVE-2024-58043 | 2025-03-04 | Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58044 | 2025-03-04 | Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-27521 | 2025-03-04 | Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58045 | 2025-03-04 | Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58046 | 2025-03-04 | Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58047 | 2025-03-04 | Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |