CVE List - 2025 / March
Showing 101 - 200 of 4015 CVEs for March 2025 (Page 2 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-27584 | 2025-03-03 | A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a... |
| CVE-2025-27585 | 2025-03-03 | A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a... |
| CVE-2025-27590 | 2025-03-03 | In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. |
| CVE-2025-1841 | 2025-03-03 | ESAFENET CDG ClientSortLog.jsp sql injection |
| CVE-2025-1842 | 2025-03-03 | FITSTATS Technologies AthleteMonitoring login.php cross site scripting |
| CVE-2025-1843 | 2025-03-03 | Mini-Tmall ProductMapper.java select sql injection |
| CVE-2025-1844 | 2025-03-03 | ESAFENET CDG backupLogDetail.jsp sql injection |
| CVE-2025-1845 | 2025-03-03 | ESAFENET DSM examExportPDF command injection |
| CVE-2025-20644 | 2025-03-03 | In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base... |
| CVE-2025-20645 | 2025-03-03 | In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20646 | 2025-03-03 | In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges... |
| CVE-2025-20647 | 2025-03-03 | In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue... |
| CVE-2025-20648 | 2025-03-03 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2025-20649 | 2025-03-03 | In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed.... |
| CVE-2025-20650 | 2025-03-03 | In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access... |
| CVE-2025-20651 | 2025-03-03 | In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to... |
| CVE-2025-20652 | 2025-03-03 | In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access... |
| CVE-2025-20653 | 2025-03-03 | In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the... |
| CVE-2025-1846 | 2025-03-03 | zj1983 zz File ZfileAction.java deleteLocalFile denial of service |
| CVE-2025-1847 | 2025-03-03 | zj1983 zz improper authorization |
| CVE-2025-1848 | 2025-03-03 | zj1983 zz import_data_check server-side request forgery |
| CVE-2025-1849 | 2025-03-03 | zj1983 zz import_data_todb server-side request forgery |
| CVE-2025-1850 | 2025-03-03 | Codezips College Management System university.php sql injection |
| CVE-2025-1851 | 2025-03-03 | Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow |
| CVE-2025-1852 | 2025-03-03 | Totolink EX1800T cstecgi.cgi loginAuth buffer overflow |
| CVE-2025-1853 | 2025-03-03 | Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow |
| CVE-2025-1854 | 2025-03-03 | Codezips Gym Management System del_member.php sql injection |
| CVE-2025-1855 | 2025-03-03 | PHPGurukul Online Shopping Portal product-details.php sql injection |
| CVE-2025-1856 | 2025-03-03 | Codezips Gym Management System gen_invoice.php sql injection |
| CVE-2025-1723 | 2025-03-03 | Account takeover |
| CVE-2025-1857 | 2025-03-03 | PHPGurukul Nipah Virus Testing Management System check_availability.php sql injection |
| CVE-2025-1864 | 2025-03-03 | Buffer Overflow and Potential Code Execution in Radare2 |
| CVE-2025-24846 | 2025-03-03 | Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information... |
| CVE-2025-25280 | 2025-03-03 | Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated... |
| CVE-2025-1858 | 2025-03-03 | Codezips Online Shopping Website success.php sql injection |
| CVE-2025-1866 | 2025-03-03 | Undefined Behavior Due to Out-of-Bounds Pointer Arithmetic in libwebsockets |
| CVE-2025-1867 | 2025-03-03 | HTTP Response Smuggling Vulnerability in libhv |
| CVE-2025-24654 | 2025-03-03 | WordPress Squirrly SEO plugin <= 12.4.05 - Broken Access Control vulnerability |
| CVE-2025-1859 | 2025-03-03 | PHPGurukul News Portal login.php sql injection |
| CVE-2024-8186 | 2025-03-03 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-38426 | 2025-03-03 | Improper Authentication in Modem |
| CVE-2024-43051 | 2025-03-03 | Improper Authorization in SPS-HLOS |
| CVE-2024-43055 | 2025-03-03 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera_Linux |
| CVE-2024-43056 | 2025-03-03 | Buffer Over-read in Hypervisor |
| CVE-2024-43057 | 2025-03-03 | Use After Free in MProc |
| CVE-2024-43059 | 2025-03-03 | Use After Free in Automotive Multimedia |
| CVE-2024-43060 | 2025-03-03 | Use of Out-of-range Pointer Offset in Automotive Audio |
| CVE-2024-43061 | 2025-03-03 | Use After Free in Audio |
| CVE-2024-43062 | 2025-03-03 | Use After Free in Camera Linux |
| CVE-2024-45580 | 2025-03-03 | Use After Free in DSP Service |
| CVE-2024-49836 | 2025-03-03 | Improper Validation of Array Index in Camera |
| CVE-2024-53011 | 2025-03-03 | Permissions, Privileges, and Access Controls in Video Analytics and Processing |
| CVE-2024-53012 | 2025-03-03 | Improper Input Validation in Automotive OS Platform |
| CVE-2024-53014 | 2025-03-03 | Improper Validation of Array Index in Audio |
| CVE-2024-53022 | 2025-03-03 | Improper Input Validation in Automotive OS Platform |
| CVE-2024-53023 | 2025-03-03 | Use After Free in Automotive Android OS |
| CVE-2024-53024 | 2025-03-03 | NULL Pointer Dereference in Display |
| CVE-2024-53025 | 2025-03-03 | Integer Overflow or Wraparound in BT Controller |
| CVE-2024-53027 | 2025-03-03 | Buffer Copy Without Checking Size of Input in WLAN Host |
| CVE-2024-53028 | 2025-03-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive Vehicle Networks |
| CVE-2024-53029 | 2025-03-03 | Improper Input Validation in Automotive OS Platform |
| CVE-2024-53030 | 2025-03-03 | Improper Input Validation in Automotive OS Platform |
| CVE-2024-53031 | 2025-03-03 | Improper Input Validation in Automotive OS Platform |
| CVE-2024-53032 | 2025-03-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform |
| CVE-2024-53033 | 2025-03-03 | Untrusted Pointer Dereference in DSP_Services |
| CVE-2024-53034 | 2025-03-03 | Untrusted Pointer Dereference in DSP_Services |
| CVE-2025-21424 | 2025-03-03 | Use After Free in NPU |
| CVE-2025-0475 | 2025-03-03 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-24778 | 2025-03-03 | Apache StreamPipes: Resources Permission Escalation |
| CVE-2025-1868 | 2025-03-03 | Information display on multiple products from Famatech Corp |
| CVE-2024-10925 | 2025-03-03 | Authorization Bypass Through User-Controlled Key in GitLab |
| CVE-2025-1869 | 2025-03-03 | SQL injection vulnerability in 101news |
| CVE-2025-1870 | 2025-03-03 | SQL injection vulnerability in 101news |
| CVE-2025-1871 | 2025-03-03 | SQL injection vulnerability in 101news |
| CVE-2025-1872 | 2025-03-03 | SQL injection vulnerability in 101news |
| CVE-2025-1873 | 2025-03-03 | SQL injection vulnerability in 101news |
| CVE-2025-1874 | 2025-03-03 | SQL injection vulnerability in 101news |
| CVE-2025-1875 | 2025-03-03 | SQL injection vulnerability in 101news |
| CVE-2025-26999 | 2025-03-03 | WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability |
| CVE-2025-23425 | 2025-03-03 | WordPress Marekkis Watermark plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23433 | 2025-03-03 | WordPress vcOS plugin <=1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23437 | 2025-03-03 | WordPress ntp-header-images plugin <=1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23439 | 2025-03-03 | WordPress TinyMCE Extended Config plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23440 | 2025-03-03 | WordPress radSLIDE plugin <= 2.1 - Broken Access Control to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23441 | 2025-03-03 | WordPress Attach Gallery Posts plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23446 | 2025-03-03 | WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23447 | 2025-03-03 | WordPress Smooth Dynamic Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23450 | 2025-03-03 | WordPress AW WooCommerce Kode Pembayaran plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23451 | 2025-03-03 | WordPress Awesome Twitter Feeds plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23464 | 2025-03-03 | WordPress Twitter News Feed plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23465 | 2025-03-03 | WordPress Vampire Character Manager plugin <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23468 | 2025-03-03 | WordPress Essay Wizard (wpCRES) plugin <= 1.0.6.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23472 | 2025-03-03 | WordPress Flexo Slider plugin <= 1.0013 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23473 | 2025-03-03 | WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23478 | 2025-03-03 | WordPress Photo Video Store plugin <= 21.07 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23479 | 2025-03-03 | WordPress melascrivi plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23480 | 2025-03-03 | WordPress RSVP ME plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23481 | 2025-03-03 | WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23482 | 2025-03-03 | WordPress azurecurve Floating Featured Image plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23484 | 2025-03-03 | WordPress Predict When plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |