Lista CVE - 2025 / Marzo
Visualizzazione 501 - 600 di 4015 CVE per Marzo 2025 (Pagina 6 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-58048 | 2025-03-04 | Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-58049 | 2025-03-04 | Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-58050 | 2025-03-04 | Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-13682 | 2025-03-04 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery |
| CVE-2025-0512 | 2025-03-04 | Structured Content (JSON-LD) #wpsc <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode |
| CVE-2024-9618 | 2025-03-04 | Master Addons <= 2.0.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-13724 | 2025-03-04 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization |
| CVE-2025-0433 | 2025-03-04 | Master Addons <= 2.0.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-0958 | 2025-03-04 | Ultimate WordPress Auction Plugin <= 4.2.9 - Missing Authorization to Arbitrary Post Deletion |
| CVE-2025-0370 | 2025-03-04 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter |
| CVE-2025-22224 | 2025-03-04 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this... |
| CVE-2025-22225 | 2025-03-04 | VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. |
| CVE-2025-22226 | 2025-03-04 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able... |
| CVE-2025-1925 | 2025-03-04 | Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service |
| CVE-2025-1930 | 2025-03-04 | On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This... |
| CVE-2025-1939 | 2025-03-04 | Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions... |
| CVE-2025-1931 | 2025-03-04 | It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR... |
| CVE-2025-1932 | 2025-03-04 | An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird... |
| CVE-2025-1933 | 2025-03-04 | On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a... |
| CVE-2025-1940 | 2025-03-04 | A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This... |
| CVE-2025-1934 | 2025-03-04 | It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox... |
| CVE-2025-1941 | 2025-03-04 | Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136. |
| CVE-2025-1942 | 2025-03-04 | When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird <... |
| CVE-2025-1935 | 2025-03-04 | A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8,... |
| CVE-2025-1936 | 2025-03-04 | jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension... |
| CVE-2025-1937 | 2025-03-04 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume... |
| CVE-2025-1938 | 2025-03-04 | Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough... |
| CVE-2025-1943 | 2025-03-04 | Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could... |
| CVE-2025-27426 | 2025-03-04 | Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. |
| CVE-2025-27424 | 2025-03-04 | Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. |
| CVE-2025-27425 | 2025-03-04 | Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects... |
| CVE-2024-9149 | 2025-03-04 | SQLi in Wind Media's E-Commerce Website Template |
| CVE-2025-23368 | 2025-03-04 | Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli |
| CVE-2025-1425 | 2025-03-04 | File Read Through Improper Sudo Privilege Management |
| CVE-2025-1424 | 2025-03-04 | Privilege Escalation Through SUID Binary and Developer Mode |
| CVE-2025-27111 | 2025-03-04 | Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection |
| CVE-2024-11957 | 2025-03-04 | Arbitrary Code Execution in WPS Office |
| CVE-2025-27155 | 2025-03-04 | In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim |
| CVE-2025-27507 | 2025-03-04 | IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations |
| CVE-2025-27150 | 2025-03-04 | Tuleap dumps the Redis password into the generated troubleshooting archives |
| CVE-2025-27156 | 2025-03-04 | Tuleap allows content injection via emails sent by the mass emailing features |
| CVE-2025-27401 | 2025-03-04 | In Tuleap, deleting a report can delete criteria filters in other reports |
| CVE-2025-27402 | 2025-03-04 | Tuleap is missing CSRF protections on tracker fields administrative operations |
| CVE-2024-41147 | 2025-03-04 | An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file... |
| CVE-2024-10930 | 2025-03-04 | Carrier Block Load Privilege Escalation |
| CVE-2019-1815 | 2025-03-04 | Cisco Meraki MX67 and MX68 Sensitive Information Disclosure Vulnerability |
| CVE-2020-3122 | 2025-03-04 | Cisco Content Security Management Appliance Information Disclosure Vulnerability |
| CVE-2025-1946 | 2025-03-04 | hzmanyun Education and Training System exportPDF command injection |
| CVE-2025-1947 | 2025-03-04 | hzmanyun Education and Training System UploadImageController.java scorm command injection |
| CVE-2025-1969 | 2025-03-04 | Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center |
| CVE-2025-1949 | 2025-03-04 | ZZCMS URL register_nodb.php cross site scripting |
| CVE-2025-1952 | 2025-03-04 | PHPGurukul Restaurant Table Booking System password-recovery.php sql injection |
| CVE-2025-1259 | 2025-03-04 | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. |
| CVE-2025-1260 | 2025-03-04 | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. |
| CVE-2025-1953 | 2025-03-04 | vLLM AIBrix Prefix Caching hash.go random values |
| CVE-2025-1080 | 2025-03-04 | Macro URL arbitrary script execution |
| CVE-2024-9135 | 2025-03-04 | On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping. |
| CVE-2024-8000 | 2025-03-04 | On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar |
| CVE-2025-1954 | 2025-03-04 | PHPGurukul Human Metapneumovirus Testing Management System login.php sql injection |
| CVE-2025-1955 | 2025-03-04 | code-projects Online Class and Exam Scheduling System profile.php cross site scripting |
| CVE-2025-1956 | 2025-03-04 | code-projects Shopping Portal Login index.php sql injection |
| CVE-2025-27510 | 2025-03-04 | RCE in the package conda-forge-metadata |
| CVE-2025-1957 | 2025-03-04 | code-projects Blood Bank System o+.php cross site scripting |
| CVE-2025-1958 | 2025-03-04 | aaluoxiang oa_system address-mapper.xml sql injection |
| CVE-2025-1959 | 2025-03-04 | Codezips Gym Management System change_s_pwd.php sql injection |
| CVE-2025-1961 | 2025-03-04 | SourceCodester Best Church Management Software web_crud.php sql injection |
| CVE-2025-1962 | 2025-03-04 | projectworlds Online Hotel Booking addroom.php sql injection |
| CVE-2025-1316 | 2025-03-04 | Edimax IC-7100 IP Camera OS Command Injection |
| CVE-2025-21092 | 2025-03-04 | GMOD Apollo Incorrect Privilege Assignment |
| CVE-2025-23410 | 2025-03-04 | GMOD Apollo Relative Path Traversal |
| CVE-2024-31525 | 2025-03-05 | Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as... |
| CVE-2024-48246 | 2025-03-05 | Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php. |
| CVE-2024-51144 | 2025-03-05 | Cross Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', pvmsg.php?action=confirm_delete , and ajax.server.php?page=user&action=flip_follow endpoints in Ampache <= 6.6.0. |
| CVE-2024-53458 | 2025-03-05 | Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted SSH packets. |
| CVE-2024-57174 | 2025-03-05 | A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard... |
| CVE-2025-25362 | 2025-03-05 | A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. |
| CVE-2025-25632 | 2025-03-05 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. |
| CVE-2025-25634 | 2025-03-05 | A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. |
| CVE-2025-27637 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016. |
| CVE-2025-27638 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013. |
| CVE-2025-27639 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015. |
| CVE-2025-27640 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012. |
| CVE-2025-27641 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009. |
| CVE-2025-27642 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008. |
| CVE-2025-27643 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006. |
| CVE-2025-27644 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. |
| CVE-2025-27645 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005. |
| CVE-2025-27646 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001. |
| CVE-2025-27647 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002. |
| CVE-2025-27648 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003. |
| CVE-2025-27649 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016. |
| CVE-2025-27650 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. |
| CVE-2025-27651 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014. |
| CVE-2025-27652 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: rfIDEAS V-2023-015. |
| CVE-2025-27653 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Preauthenticated Cross Site Scripting (XSS): Badge Registration V-2023-012. |
| CVE-2025-27654 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Cross Site Scripting (XSS) V-2023-017. |
| CVE-2025-27655 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: CPA v1 V-2023-009. |
| CVE-2025-27656 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011. |
| CVE-2025-27657 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008. |
| CVE-2025-27658 | 2025-03-05 | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001. |