CVE List - 2025 / March
Showing 1501 - 1600 of 4015 CVEs for March 2025 (Page 16 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-13872 | 2025-03-12 | Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so |
| CVE-2024-13871 | 2025-03-12 | Unauthenticated Command Injection in Bitdefender BOX v1 |
| CVE-2024-13870 | 2025-03-12 | Unauthenticated Firmware Downgrade in Bitdefender Box v1 |
| CVE-2025-29903 | 2025-03-12 | In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible |
| CVE-2025-29904 | 2025-03-12 | In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible |
| CVE-2024-10838 | 2025-03-12 | Integer Underflow in DDS_Security_Deserialize_ methods may lead to OOB read |
| CVE-2025-27788 | 2025-03-12 | Ruby JSON Parser has Out-of-bounds Read |
| CVE-2025-21590 | 2025-03-12 | Junos OS: A local attacker with shell access can execute arbitrary code |
| CVE-2025-27794 | 2025-03-12 | Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite |
| CVE-2024-52362 | 2025-03-12 | IBM App Connect Enterprise Certified Container denial of service |
| CVE-2025-29891 | 2025-03-12 | Apache Camel: Camel Message Header Injection through request parameters |
| CVE-2025-2240 | 2025-03-12 | Smallrye-fault-tolerance: smallrye fault tolerance |
| CVE-2025-0884 | 2025-03-12 | Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager. |
| CVE-2025-0883 | 2025-03-12 | vulnerability has been discovered in OpenText™ Service Manager. |
| CVE-2025-2002 | 2025-03-12 | CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed... |
| CVE-2025-1683 | 2025-03-12 | Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion |
| CVE-2025-1984 | 2025-03-12 | Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5 |
| CVE-2025-0813 | 2025-03-12 | CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot... |
| CVE-2025-1960 | 2025-03-12 | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed... |
| CVE-2025-27867 | 2025-03-12 | Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin |
| CVE-2025-20115 | 2025-03-12 | Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability |
| CVE-2025-20138 | 2025-03-12 | Cisco IOS XR Software CLI Privilege Escalation Vulnerability |
| CVE-2025-20141 | 2025-03-12 | Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerability |
| CVE-2025-20142 | 2025-03-12 | Cisco IOS XR Software for ASR 9000 Series Routers L2VPN Denial of Service Vulnerability |
| CVE-2025-20143 | 2025-03-12 | Cisco IOS XR Software Secure Boot Bypass Vulnerability |
| CVE-2025-20144 | 2025-03-12 | Cisco IOS XR Software Access Control List Bypass Vulnerability |
| CVE-2025-20145 | 2025-03-12 | Cisco IOS XR Software Access Control List Bypass Vulnerability |
| CVE-2025-20146 | 2025-03-12 | Cisco IOS XR Software for ASR 9000 Series Routers Layer 3 Multicast Routing Denial of Service Vulnerability |
| CVE-2025-20177 | 2025-03-12 | Cisco IOS XR Software Image Verification Bypass Vulnerability |
| CVE-2025-20209 | 2025-03-12 | Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability |
| CVE-2025-27017 | 2025-03-12 | Apache NiFi: Potential Insertion of MongoDB Password in Provenance Record |
| CVE-2025-27407 | 2025-03-12 | Remote code execution when loading a crafted GraphQL schema |
| CVE-2025-0114 | 2025-03-12 | PAN-OS: Denial of Service (DoS) in GlobalProtect |
| CVE-2025-22870 | 2025-03-12 | HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net |
| CVE-2025-0115 | 2025-03-12 | PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI |
| CVE-2025-0116 | 2025-03-12 | PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame |
| CVE-2025-0117 | 2025-03-12 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability |
| CVE-2025-0118 | 2025-03-12 | GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability |
| CVE-2024-26290 | 2025-03-12 | Authenticated Remote Command Injection affecting Avid NEXIS |
| CVE-2025-25293 | 2025-03-12 | ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses |
| CVE-2025-25291 | 2025-03-12 | ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential) |
| CVE-2025-25292 | 2025-03-12 | Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential) |
| CVE-2020-36843 | 2025-03-13 | The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers... |
| CVE-2024-22880 | 2025-03-13 | Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute arbitrary code via a crafted script to the webchat component. |
| CVE-2024-28803 | 2025-03-13 | Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter |
| CVE-2024-53406 | 2025-03-13 | Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an... |
| CVE-2024-55060 | 2025-03-13 | A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-55198 | 2025-03-13 | User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality which allows a remote attacker to enumerate users through discrepancies in the responses. |
| CVE-2024-57062 | 2025-03-13 | An issue in SoundCloud iOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. |
| CVE-2024-57348 | 2025-03-13 | Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters. |
| CVE-2025-25363 | 2025-03-13 | An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript... |
| CVE-2025-25598 | 2025-03-13 | Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. |
| CVE-2025-25625 | 2025-03-13 | A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on... |
| CVE-2025-28010 | 2025-03-13 | A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which... |
| CVE-2025-28011 | 2025-03-13 | A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request... |
| CVE-2025-28015 | 2025-03-13 | An HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code... |
| CVE-2025-29357 | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-29358 | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. |
| CVE-2025-29359 | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. |
| CVE-2025-29360 | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-29361 | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. |
| CVE-2025-29362 | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. |
| CVE-2025-29363 | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2025-2106 | 2025-03-13 | Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection |
| CVE-2025-1559 | 2025-03-13 | CC-IMG-Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13703 | 2025-03-13 | CRM and Lead Management by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Widget Toggle |
| CVE-2025-2107 | 2025-03-13 | Arielbrailovsky-Viralad <= 1.0.8 - Unauthenticated SQL Injection |
| CVE-2024-13887 | 2025-03-13 | Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition |
| CVE-2025-2250 | 2025-03-13 | WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins <= 2.32 - Authenticated (Admin+) SQL Injection |
| CVE-2025-2104 | 2025-03-13 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post Publication |
| CVE-2025-1561 | 2025-03-13 | AppPresser – Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-1503 | 2025-03-13 | WP Recipe Maker <= 9.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0652 | 2025-03-13 | Incorrect Authorization in GitLab |
| CVE-2024-13054 | 2025-03-13 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-12380 | 2025-03-13 | Generation of Error Message Containing Sensitive Information in GitLab |
| CVE-2024-8402 | 2025-03-13 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab |
| CVE-2024-13884 | 2025-03-13 | Limit Bio <= 1.0 - Reflected XSS |
| CVE-2024-13885 | 2025-03-13 | WP E Customers <= 0.0.1 - Reflected XSS |
| CVE-2024-13891 | 2025-03-13 | Schedule <= 1.0.0 - Reflected XSS |
| CVE-2025-1401 | 2025-03-13 | WP Click Info <= 2.7.4 - Reflected XSS |
| CVE-2025-1436 | 2025-03-13 | Limit Bio <= 1.0 - Stored XSS via CSRF |
| CVE-2025-1486 | 2025-03-13 | WoWPth <= 2.0 - Reflected XSS |
| CVE-2025-1487 | 2025-03-13 | WoWPth <= 2.0 - Reflected XSS |
| CVE-2025-1257 | 2025-03-13 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2024-7296 | 2025-03-13 | Incorrect Authorization in GitLab |
| CVE-2025-2271 | 2025-03-13 | IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp |
| CVE-2025-1119 | 2025-03-13 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-1785 | 2025-03-13 | Download Manager <= 3.3.08 - Authenticated (Author+) Path Traversal to Limited File Overwrite |
| CVE-2025-25175 | 2025-03-13 | A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing... |
| CVE-2025-29994 | 2025-03-13 | Improper Authentication Vulnerability in CAP back office application |
| CVE-2025-29995 | 2025-03-13 | Account Takeover Vulnerability in CAP back office application |
| CVE-2025-29996 | 2025-03-13 | Authentication Bypass Vulnerability in CAP back office application |
| CVE-2025-29997 | 2025-03-13 | Improper Access Control Vulnerability in CAP back office application |
| CVE-2025-29998 | 2025-03-13 | No Rate Limiting Vulnerability in CAP back office application |
| CVE-2025-21104 | 2025-03-13 | Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading... |
| CVE-2024-10942 | 2025-03-13 | All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection |
| CVE-2025-2277 | 2025-03-13 | Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak his SSH password due to missing password masking. |
| CVE-2025-1635 | 2025-03-13 | Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include... |
| CVE-2025-1636 | 2025-03-13 | Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My... |
| CVE-2025-2278 | 2025-03-13 | Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known... |