CVE List - 2025 / March
Showing 1401 - 1500 of 4015 CVEs for March 2025 (Page 15 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-28905 | 2025-03-11 | WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-28906 | 2025-03-11 | WordPress Skitter Slideshow plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28907 | 2025-03-11 | WordPress WP Last Modified plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28908 | 2025-03-11 | WordPress pipDisqus plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28909 | 2025-03-11 | WordPress WP No-Bot Question plugin <= 0.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28910 | 2025-03-11 | WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28912 | 2025-03-11 | WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28913 | 2025-03-11 | WordPress WP Add Active Class To Menu Item plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28914 | 2025-03-11 | WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28915 | 2025-03-11 | WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability |
| CVE-2025-28918 | 2025-03-11 | WordPress Featured Image Thumbnail Grid plugin <= 6.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28919 | 2025-03-11 | WordPress Easy Image Display plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28920 | 2025-03-11 | WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2025-28922 | 2025-03-11 | WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-28923 | 2025-03-11 | WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-28925 | 2025-03-11 | WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28926 | 2025-03-11 | WordPress Post Read Time plugin <= 1.2.6 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28927 | 2025-03-11 | WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28929 | 2025-03-11 | WordPress Tabbed Login Widget plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28930 | 2025-03-11 | WordPress List Mixcloud plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28931 | 2025-03-11 | WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-28932 | 2025-03-11 | WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-28933 | 2025-03-11 | WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-28936 | 2025-03-11 | WordPress Lunar plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28937 | 2025-03-11 | WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28938 | 2025-03-11 | WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-28940 | 2025-03-11 | WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28941 | 2025-03-11 | WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-28943 | 2025-03-11 | WordPress DP ALTerminator - Missing ALT manager Plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28868 | 2025-03-11 | WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-1707 | 2025-03-11 | Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta |
| CVE-2025-2209 | 2025-03-11 | aitangbao springboot-manager add cross site scripting |
| CVE-2025-27101 | 2025-03-11 | Broken Access Control in Opal filesystem's copy functionality exposes all user data |
| CVE-2025-27792 | 2025-03-11 | Opal vulnerable to CSRF protection bypass |
| CVE-2025-2210 | 2025-03-11 | aitangbao springboot-manager add cross site scripting |
| CVE-2025-2211 | 2025-03-11 | aitangbao springboot-manager add cross site scripting |
| CVE-2025-2233 | 2025-03-11 | Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability |
| CVE-2025-2212 | 2025-03-11 | Castlenet CBW383G2N RgSwInfo.asp cross site scripting |
| CVE-2025-2213 | 2025-03-11 | Castlenet CBW383G2N Wireless Menu wlanPrimaryNetwork.asp cross site scripting |
| CVE-2025-2214 | 2025-03-11 | Microweber Settings index.php cross site scripting |
| CVE-2025-2215 | 2025-03-11 | Doufox s=doudou path traversal |
| CVE-2024-27763 | 2025-03-12 | XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable. |
| CVE-2024-34398 | 2025-03-12 | An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers. |
| CVE-2025-22954 | 2025-03-12 | GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. |
| CVE-2025-25565 | 2025-03-12 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user... |
| CVE-2025-25566 | 2025-03-12 | Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to... |
| CVE-2025-25567 | 2025-03-12 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function. NOTE: the Supplier disputes this because the behavior only enables a local user to attack himself... |
| CVE-2025-25568 | 2025-03-12 | SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software,... |
| CVE-2025-25683 | 2025-03-12 | AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1. |
| CVE-2025-25709 | 2025-03-12 | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints |
| CVE-2025-25711 | 2025-03-12 | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint |
| CVE-2025-25774 | 2025-03-12 | An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the... |
| CVE-2025-25975 | 2025-03-12 | An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function |
| CVE-2025-26260 | 2025-03-12 | Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file... |
| CVE-2025-27914 | 2025-03-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and... |
| CVE-2025-27915 | 2025-03-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of... |
| CVE-2025-2216 | 2025-03-12 | zzskzy Warehouse Refinement Management System SaveCrash.ashx UploadCrash unrestricted upload |
| CVE-2025-2217 | 2025-03-12 | zzskzy Warehouse Refinement Management System getAdyData.ashx ProcessRequest sql injection |
| CVE-2025-2218 | 2025-03-12 | LoveCards LoveCardsV2 Setting other access control |
| CVE-2025-2219 | 2025-03-12 | LoveCards LoveCardsV2 image unrestricted upload |
| CVE-2025-2220 | 2025-03-12 | Odyssey CMS reCAPTCHA odyssey_contact_form.php key management |
| CVE-2025-2205 | 2025-03-12 | GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-2076 | 2025-03-12 | binlayerpress <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-1508 | 2025-03-12 | WP Crowdfunding <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Post Content Download |
| CVE-2025-2078 | 2025-03-12 | BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-2077 | 2025-03-12 | Simple Amazon Affiliate <= 1.0.9 - Reflected Cross-Site Scripting |
| CVE-2025-24912 | 2025-03-12 | hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject... |
| CVE-2024-13498 | 2025-03-12 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure |
| CVE-2024-13838 | 2025-03-12 | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook |
| CVE-2024-12589 | 2025-03-12 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer |
| CVE-2024-58087 | 2025-03-12 | ksmbd: fix racy issue from session lookup and expire |
| CVE-2024-13430 | 2025-03-12 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.8 - Authenticated (Contributor+) Private Post Disclosure in pagelayer_builder_posts_shortcode |
| CVE-2024-13446 | 2025-03-12 | Workreap <= 3.2.5 - Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2024-58088 | 2025-03-12 | bpf: Fix deadlock when freeing cgroup storage |
| CVE-2024-58089 | 2025-03-12 | btrfs: fix double accounting race when btrfs_run_delalloc_range() failed |
| CVE-2025-21844 | 2025-03-12 | smb: client: Add check for next_buffer in receive_encrypted_standard() |
| CVE-2025-21845 | 2025-03-12 | mtd: spi-nor: sst: Fix SST write failure |
| CVE-2025-21846 | 2025-03-12 | acct: perform last write from workqueue |
| CVE-2025-21847 | 2025-03-12 | ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() |
| CVE-2025-21848 | 2025-03-12 | nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() |
| CVE-2025-21849 | 2025-03-12 | drm/i915/gt: Use spin_lock_irqsave() in interruptible context |
| CVE-2025-21850 | 2025-03-12 | nvmet: Fix crash when a namespace is disabled |
| CVE-2025-21851 | 2025-03-12 | bpf: Fix softlockup in arena_map_free on 64k page kernel |
| CVE-2025-21852 | 2025-03-12 | net: Add rx_skb of kfree_skb to raw_tp_null_args[]. |
| CVE-2025-21853 | 2025-03-12 | bpf: avoid holding freeze_mutex during mmap operation |
| CVE-2025-21854 | 2025-03-12 | sockmap, vsock: For connectible sockets allow only connected |
| CVE-2025-21855 | 2025-03-12 | ibmvnic: Don't reference skb after sending to VIOS |
| CVE-2025-21856 | 2025-03-12 | s390/ism: add release function for struct device |
| CVE-2025-21857 | 2025-03-12 | net/sched: cls_api: fix error handling causing NULL dereference |
| CVE-2025-21858 | 2025-03-12 | geneve: Fix use-after-free in geneve_find_dev(). |
| CVE-2025-21859 | 2025-03-12 | USB: gadget: f_midi: f_midi_complete to call queue_work |
| CVE-2025-21860 | 2025-03-12 | mm/zswap: fix inconsistency when zswap_store_page() fails |
| CVE-2025-21861 | 2025-03-12 | mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() |
| CVE-2025-21862 | 2025-03-12 | drop_monitor: fix incorrect initialization order |
| CVE-2025-21863 | 2025-03-12 | io_uring: prevent opcode speculation |
| CVE-2025-21864 | 2025-03-12 | tcp: drop secpath at the same time as we currently drop dst |
| CVE-2025-21865 | 2025-03-12 | gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). |
| CVE-2025-21866 | 2025-03-12 | powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC |
| CVE-2025-2239 | 2025-03-12 | Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall |
| CVE-2025-1527 | 2025-03-12 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module |