CVE List - 2025 / March
Showing 1101 - 1200 of 4015 CVEs for March 2025 (Page 12 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1920 | 2025-03-10 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-2135 | 2025-03-10 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-2136 | 2025-03-10 | Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-2137 | 2025-03-10 | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security... |
| CVE-2024-56191 | 2025-03-10 | In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2024-56192 | 2025-03-10 | In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-0660 | 2025-03-10 | Stored XSS in Folder Function by Rogue Admin |
| CVE-2025-27610 | 2025-03-10 | Local File Inclusion in Rack::Static |
| CVE-2025-1828 | 2025-03-10 | Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions |
| CVE-2021-37787 | 2025-03-11 | The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via an HTTP POST request to the TinyMCE module |
| CVE-2024-28607 | 2025-03-11 | The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value. |
| CVE-2024-51319 | 2025-03-11 | A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through... |
| CVE-2024-51320 | 2025-03-11 | Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components |
| CVE-2024-51321 | 2025-03-11 | In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication. |
| CVE-2024-51322 | 2025-03-11 | Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components |
| CVE-2024-58102 | 2025-03-11 | An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions. |
| CVE-2025-25680 | 2025-03-11 | LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi... |
| CVE-2025-25747 | 2025-03-11 | Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint |
| CVE-2025-25748 | 2025-03-11 | A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of... |
| CVE-2025-25749 | 2025-03-11 | An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. |
| CVE-2025-25925 | 2025-03-11 | A stored cross-site scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. |
| CVE-2025-25927 | 2025-03-11 | A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request. |
| CVE-2025-25928 | 2025-03-11 | A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could... |
| CVE-2025-25929 | 2025-03-11 | A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a... |
| CVE-2025-26701 | 2025-03-11 | An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure.... |
| CVE-2025-27893 | 2025-03-11 | In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via... |
| CVE-2025-27911 | 2025-03-11 | An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased... |
| CVE-2025-27912 | 2025-03-11 | An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user... |
| CVE-2025-0062 | 2025-03-11 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) |
| CVE-2025-0071 | 2025-03-11 | Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager |
| CVE-2025-23185 | 2025-03-11 | Information Disclosure in SAP Business Objects Business Intelligence Platform |
| CVE-2025-23188 | 2025-03-11 | Missing Authorization check in SAP S/4HANA (RBD) |
| CVE-2025-23194 | 2025-03-11 | Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component) |
| CVE-2025-25242 | 2025-03-11 | Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP |
| CVE-2025-25244 | 2025-03-11 | Missing Authorization Check in SAP Business Warehouse (Process Chains) |
| CVE-2025-25245 | 2025-03-11 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) |
| CVE-2025-26655 | 2025-03-11 | Missing Authorization check in SAP JIT(Outbound) |
| CVE-2025-26656 | 2025-03-11 | Missing Authorization check in S/4HANA (Manage Purchasing Info Records) |
| CVE-2025-26658 | 2025-03-11 | Broken Authentication in SAP Business One (Service Layer) |
| CVE-2025-26659 | 2025-03-11 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) |
| CVE-2025-26660 | 2025-03-11 | Broken Access Control in SAP Fiori apps (Posting Library) |
| CVE-2025-26661 | 2025-03-11 | Missing Authorization check in SAP NetWeaver (ABAP Class Builder) |
| CVE-2025-27430 | 2025-03-11 | Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center) |
| CVE-2025-27431 | 2025-03-11 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java |
| CVE-2025-27432 | 2025-03-11 | Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) |
| CVE-2025-27433 | 2025-03-11 | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) |
| CVE-2025-27434 | 2025-03-11 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI) |
| CVE-2025-27436 | 2025-03-11 | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) |
| CVE-2024-49823 | 2025-03-11 | IBM Common Cryptographic Architecture denial of service |
| CVE-2024-41760 | 2025-03-11 | IBM Common Cryptographic Architecture information disclosure |
| CVE-2024-22340 | 2025-03-11 | IBM Common Cryptographic Architecture information disclosure |
| CVE-2024-11253 | 2025-03-11 | A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges... |
| CVE-2024-12009 | 2025-03-11 | A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system... |
| CVE-2024-12010 | 2025-03-11 | A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system... |
| CVE-2025-26707 | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. |
| CVE-2025-1661 | 2025-03-11 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion |
| CVE-2025-2169 | 2025-03-11 | WPCS – WordPress Currency Switcher Professional <= 1.2.0.4 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-13436 | 2025-03-11 | Appsero Helper <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-13413 | 2025-03-11 | ProductDyno <= 1.0.24 - Reflected Cross-Site Scripting via 'res' Parameter |
| CVE-2024-13574 | 2025-03-11 | XV Random Quotes <= 1.40 - Reflected XSS |
| CVE-2024-13580 | 2025-03-11 | XV Random Quotes <= 1.40 - Settings Reset via CSRF |
| CVE-2024-13615 | 2025-03-11 | Social Media Plugin by Social Snap <= 1.3.6 - Admin+ Stored XSS |
| CVE-2024-13836 | 2025-03-11 | WP Login Control <= 2.0.0 - Reflected XSS |
| CVE-2024-13853 | 2025-03-11 | SEO Tools <= 4.0.7 - Reflected XSS |
| CVE-2024-13862 | 2025-03-11 | S3Bubble Media Streaming <= 8.0 - Reflected XSS |
| CVE-2024-13864 | 2025-03-11 | Countdown Timer <= 1.0 - Reflected XSS |
| CVE-2025-0629 | 2025-03-11 | Coronavirus (COVID-19) Notice Message <= 1.1.2 - Admin+ Stored XSS |
| CVE-2025-2173 | 2025-03-11 | libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer |
| CVE-2025-2174 | 2025-03-11 | libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow |
| CVE-2025-26706 | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. |
| CVE-2025-26705 | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. |
| CVE-2025-26704 | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. |
| CVE-2025-26703 | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. |
| CVE-2025-2175 | 2025-03-11 | libzvbi _vbi_strndup_iconv integer overflow |
| CVE-2025-26702 | 2025-03-11 | Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. |
| CVE-2024-13228 | 2025-03-11 | Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content |
| CVE-2025-2190 | 2025-03-11 | The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. |
| CVE-2025-1434 | 2025-03-11 | XSS in AREAL SAS Topkapi Vision Webserv2 |
| CVE-2025-2176 | 2025-03-11 | libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow |
| CVE-2025-2177 | 2025-03-11 | libzvbi search.c vbi_search_new integer overflow |
| CVE-2025-1550 | 2025-03-11 | Arbitrary Code Execution via Crafted Keras Config for Model Loading |
| CVE-2024-52285 | 2025-03-11 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. This... |
| CVE-2024-56181 | 2025-03-11 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All... |
| CVE-2024-56182 | 2025-03-11 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A... |
| CVE-2024-56336 | 2025-03-11 | A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains... |
| CVE-2025-23384 | 2025-03-11 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions <... |
| CVE-2025-23396 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-23397 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-23398 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-23399 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-23400 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-23401 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-23402 | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412... |
| CVE-2025-25266 | 2025-03-11 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict access... |
| CVE-2025-25267 | 2025-03-11 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application does not properly restrict the... |
| CVE-2025-27392 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. This could allow an... |
| CVE-2025-27393 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated... |
| CVE-2025-27394 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an... |
| CVE-2025-27395 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the... |
| CVE-2025-27396 | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This... |