CVE List - 2025 / March
Showing 701 - 800 of 4015 CVEs for March 2025 (Page 8 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-27515 | 2025-03-05 | Laravel has a File Validation Bypass |
| CVE-2025-2003 | 2025-03-05 | Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. |
| CVE-2025-27517 | 2025-03-05 | Volt Allows RCE Via User-Crafted Requests |
| CVE-2025-27516 | 2025-03-05 | Jinja sandbox breakout through attr filter selecting format method |
| CVE-2025-27508 | 2025-03-05 | Emissary Use of a Broken or Risky Cryptographic Algorithm |
| CVE-2025-27622 | 2025-03-05 | Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read... |
| CVE-2025-27623 | 2025-03-05 | Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission... |
| CVE-2025-27624 | 2025-03-05 | A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue... |
| CVE-2025-27625 | 2025-03-05 | In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a... |
| CVE-2024-42844 | 2025-03-06 | A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands through unsanitized user input... |
| CVE-2024-50600 | 2025-03-06 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD... |
| CVE-2024-52923 | 2025-03-06 | An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920,... |
| CVE-2024-52924 | 2025-03-06 | An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920,... |
| CVE-2024-57972 | 2025-03-06 | The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource... |
| CVE-2025-25361 | 2025-03-06 | An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. |
| CVE-2025-25381 | 2025-03-06 | Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows viewing of sensitive information such as usernames and passwords. |
| CVE-2025-25450 | 2025-03-06 | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint |
| CVE-2025-25451 | 2025-03-06 | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key |
| CVE-2025-25452 | 2025-03-06 | An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint |
| CVE-2025-25497 | 2025-03-06 | An issue in account management interface in Netsweeper Server v.8.2.6 and earlier (fixed in v.8.2.7) allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack... |
| CVE-2025-25763 | 2025-03-06 | crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php |
| CVE-2025-26167 | 2025-03-06 | Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files. |
| CVE-2025-26699 | 2025-03-06 | An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack... |
| CVE-2025-24864 | 2025-03-06 | Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC... |
| CVE-2025-22447 | 2025-03-06 | Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC... |
| CVE-2025-1979 | 2025-03-06 | Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the... |
| CVE-2025-20903 | 2025-03-06 | Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. |
| CVE-2025-20908 | 2025-03-06 | Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting. |
| CVE-2025-20909 | 2025-03-06 | Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-20910 | 2025-03-06 | Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery. |
| CVE-2025-20911 | 2025-03-06 | Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch. |
| CVE-2025-20912 | 2025-03-06 | Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch. |
| CVE-2025-20913 | 2025-03-06 | Out-of-bounds read in applying binary of drawing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20914 | 2025-03-06 | Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20915 | 2025-03-06 | Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20916 | 2025-03-06 | Out-of-bounds read in reading string of SPen in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20917 | 2025-03-06 | Out-of-bounds read in applying binary of pdf content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20918 | 2025-03-06 | Out-of-bounds read in applying extra data of base content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20919 | 2025-03-06 | Out-of-bounds read in applying binary of video content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20920 | 2025-03-06 | Out-of-bounds read in action link data in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20921 | 2025-03-06 | Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20922 | 2025-03-06 | Out-of-bounds read in appending text paragraph in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. |
| CVE-2025-20923 | 2025-03-06 | Improper access control in Galaxy Wearable prior to version 2.2.61.24112961 allows local attackers to launch arbitrary activity with Galaxy Wearable privilege. |
| CVE-2025-20924 | 2025-03-06 | Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles. |
| CVE-2025-20925 | 2025-03-06 | Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory. |
| CVE-2025-20926 | 2025-03-06 | Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. |
| CVE-2025-20927 | 2025-03-06 | Out-of-bounds read in parsing image data in Samsung Notes prior to version 4.4.26.71 allows local attackers to access out-of-bounds memory. |
| CVE-2025-20928 | 2025-03-06 | Out-of-bounds read in parsing wbmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to access out-of-bounds memory. |
| CVE-2025-20929 | 2025-03-06 | Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. |
| CVE-2025-20930 | 2025-03-06 | Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory. |
| CVE-2025-20931 | 2025-03-06 | Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. |
| CVE-2025-20932 | 2025-03-06 | Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory. |
| CVE-2025-20933 | 2025-03-06 | Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory. |
| CVE-2025-22623 | 2025-03-06 | Ad Inserter - Reflected cross-site scripting (XSS) |
| CVE-2024-13868 | 2025-03-06 | Easy Broken Link Checker <= 9.0.2 - Reflected XSS |
| CVE-2024-13897 | 2025-03-06 | Moving Media Library <= 1.22 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Deletion |
| CVE-2025-1540 | 2025-03-06 | Incorrect Authorization in GitLab |
| CVE-2025-1672 | 2025-03-06 | Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-13902 | 2025-03-06 | huang-yk student-manage Edit a Student Information Page cross site scripting |
| CVE-2024-56202 | 2025-03-06 | Apache Traffic Server: Expect header field can unreasonably retain resource |
| CVE-2025-1383 | 2025-03-06 | Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function |
| CVE-2025-1666 | 2025-03-06 | Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission |
| CVE-2024-7872 | 2025-03-06 | Sensitive Data Exposure in ExtremePACS' Extreme XDS |
| CVE-2024-56196 | 2025-03-06 | Apache Traffic Server: ACL is not fully compatible with older versions |
| CVE-2024-56195 | 2025-03-06 | Apache Traffic Server: Intercept plugins are not access controlled |
| CVE-2024-38311 | 2025-03-06 | Apache Traffic Server: Request smuggling via pipelining after a chunked message body |
| CVE-2025-1696 | 2025-03-06 | Exposure of Proxy Credentials in Docker Desktop Logs |
| CVE-2025-2045 | 2025-03-06 | Incorrect Authorization in GitLab |
| CVE-2025-0877 | 2025-03-06 | XSS in AtaksAPP's Reservation Management System |
| CVE-2024-13892 | 2025-03-06 | Command Injection in Smartwares cameras |
| CVE-2024-13893 | 2025-03-06 | Shared credentials in Smartwares cameras |
| CVE-2024-13894 | 2025-03-06 | Path traversal in Smartwares cameras |
| CVE-2024-12144 | 2025-03-06 | SQLi in Finder Fire Safety's Finder ERP/CRM (Old System) |
| CVE-2024-12146 | 2025-03-06 | SQLi in Finder Fire Safety's Finder ERP/CRM (New System) |
| CVE-2025-2029 | 2025-03-06 | MicroDicom DICOM Viewer mDicom.exe memory corruption |
| CVE-2025-2030 | 2025-03-06 | Seeyon Zhiyuan Interconnect FE Collaborative Office Platform addUser.jsp sql injection |
| CVE-2024-58051 | 2025-03-06 | ipmi: ipmb: Add check devm_kasprintf() returned value |
| CVE-2024-58052 | 2025-03-06 | drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table |
| CVE-2024-58053 | 2025-03-06 | rxrpc: Fix handling of received connection abort |
| CVE-2024-58054 | 2025-03-06 | staging: media: max96712: fix kernel oops when removing module |
| CVE-2024-58055 | 2025-03-06 | usb: gadget: f_tcm: Don't free command immediately |
| CVE-2024-58056 | 2025-03-06 | remoteproc: core: Fix ida_free call while not allocated |
| CVE-2024-58057 | 2025-03-06 | idpf: convert workqueues to unbound |
| CVE-2024-58058 | 2025-03-06 | ubifs: skip dumping tnc tree when zroot is null |
| CVE-2024-58059 | 2025-03-06 | media: uvcvideo: Fix deadlock during uvc_probe |
| CVE-2024-58060 | 2025-03-06 | bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing |
| CVE-2024-58061 | 2025-03-06 | wifi: mac80211: prohibit deactivating all links |
| CVE-2024-58062 | 2025-03-06 | wifi: iwlwifi: mvm: avoid NULL pointer dereference |
| CVE-2024-58063 | 2025-03-06 | wifi: rtlwifi: fix memory leaks and invalid access at probe error path |
| CVE-2024-58064 | 2025-03-06 | wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() |
| CVE-2024-58065 | 2025-03-06 | clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check |
| CVE-2024-58066 | 2025-03-06 | clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check |
| CVE-2024-58067 | 2025-03-06 | clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check |
| CVE-2024-58068 | 2025-03-06 | OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized |
| CVE-2024-58069 | 2025-03-06 | rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read |
| CVE-2024-58070 | 2025-03-06 | bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT |
| CVE-2024-58071 | 2025-03-06 | team: prevent adding a device which is already a team device lower |
| CVE-2024-58072 | 2025-03-06 | wifi: rtlwifi: remove unused check_buddy_priv |
| CVE-2024-58073 | 2025-03-06 | drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp |
| CVE-2025-2031 | 2025-03-06 | ChestnutCMS upload uploadFile unrestricted upload |