CVE List - 2025 / March
Showing 4001 - 4015 of 4015 CVEs for March 2025 (Page 41 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-24203 | 2025-03-31 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4,... |
| CVE-2025-24215 | 2025-03-31 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to... |
| CVE-2025-24242 | 2025-03-31 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information. |
| CVE-2025-24235 | 2025-03-31 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able... |
| CVE-2024-40864 | 2025-03-31 | The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a... |
| CVE-2025-24262 | 2025-03-31 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive... |
| CVE-2025-30427 | 2025-03-31 | A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4.... |
| CVE-2025-30470 | 2025-03-31 | A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5.... |
| CVE-2025-24167 | 2025-03-31 | This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated. |
| CVE-2025-3037 | 2025-03-31 | yzk2356911358 StudentServlet-JSP cross-site request forgery |
| CVE-2025-3038 | 2025-03-31 | code-projects Payroll Management System view_account.php sql injection |
| CVE-2025-3039 | 2025-03-31 | code-projects Payroll Management System add_employee.php sql injection |
| CVE-2025-3040 | 2025-03-31 | Project Worlds Online Time Table Generator add_student.php unrestricted upload |
| CVE-2025-3041 | 2025-03-31 | Project Worlds Online Time Table Generator updatestudent.php unrestricted upload |
| CVE-2003-20001 | 2025-04-01 | An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes... |
| CVE-2023-46988 | 2025-04-01 | Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access... |
| CVE-2025-26054 | 2025-04-01 | Infinxt iEdge 100 2.1.32 is vulnerable to Cross Site Scripting (XSS) via the "Description" field during LAN configuration. |
| CVE-2025-26055 | 2025-04-01 | An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function. |
| CVE-2025-26056 | 2025-04-01 | A command injection vulnerability exists in the Infinxt iEdge 100 2.1.32 in the Troubleshoot module "MTR" functionality. The vulnerability is due to improper validation of user-supplied input in the mtrIp... |
| CVE-2025-27829 | 2025-04-01 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some... |
| CVE-2025-28131 | 2025-04-01 | A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw... |
| CVE-2025-28132 | 2025-04-01 | A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This... |
| CVE-2025-28395 | 2025-04-01 | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter. |
| CVE-2025-28398 | 2025-04-01 | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter. |
| CVE-2025-29033 | 2025-04-01 | An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter. |
| CVE-2025-29036 | 2025-04-01 | An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component. |
| CVE-2025-29049 | 2025-04-01 | Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function. |
| CVE-2025-29069 | 2025-04-01 | A heap buffer overflow vulnerability has been identified in lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this... |
| CVE-2025-29070 | 2025-04-01 | A heap buffer overflow vulnerability has been identified in smooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this... |
| CVE-2025-29208 | 2025-04-01 | CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. |
| CVE-2025-3042 | 2025-04-01 | Project Worlds Online Time Table Generator updateprofile.php unrestricted upload |
| CVE-2025-3043 | 2025-04-01 | GuoMinJim PersonManage login preHandle path traversal |
| CVE-2025-3045 | 2025-04-01 | oretnom23/SourceCodester Apartment Visitor Management System remove-apartment.php sql injection |
| CVE-2025-21384 | 2025-04-01 | Azure Health Bot Elevation of Privilege Vulnerability |
| CVE-2025-30672 | 2025-04-01 | Mite for Perl generates code with an untrusted search path vulnerability |
| CVE-2025-30673 | 2025-04-01 | Sub::HandlesVia for Perl allows untrusted code to be included from the current working directory |
| CVE-2025-3051 | 2025-04-01 | Linux::Statm::Tiny for Perl allows untrusted code to be included from the current working directory |
| CVE-2025-1534 | 2025-04-01 | Cross-site Scripting (Stored) |
| CVE-2025-0418 | 2025-04-01 | Valmet DNA user passwords in plain text |
| CVE-2025-0417 | 2025-04-01 | Valmet DNA Lack of protection against brute force attacks |
| CVE-2025-0416 | 2025-04-01 | Valmet DNA Local privilege escalation through insecure DCOM configuration |
| CVE-2025-2007 | 2025-04-01 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2025-2008 | 2025-04-01 | Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-13567 | 2025-04-01 | Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory |
| CVE-2025-1665 | 2025-04-01 | Avada Builder <= 3.11.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-30520 | 2025-04-01 | WordPress Breezing Forms plugin <= 1.2.8.11 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30544 | 2025-04-01 | WordPress OK Poster Group plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30547 | 2025-04-01 | WordPress WP Cards plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30548 | 2025-04-01 | WordPress Advanced Post Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30559 | 2025-04-01 | WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30563 | 2025-04-01 | WordPress Tidekey plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30579 | 2025-04-01 | WordPress Pesapal Gateway for Woocommerce plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30589 | 2025-04-01 | WordPress Flickr set slideshows plugin <= 0.9 - SQL Injection Vulnerability |
| CVE-2025-30594 | 2025-04-01 | WordPress Include URL <= 0.3.5 Arbitrary File Download Vulnerability |
| CVE-2025-30607 | 2025-04-01 | WordPress Quick Localization plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30613 | 2025-04-01 | WordPress Nmedia MailChimp plugin <= 5.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30614 | 2025-04-01 | WordPress Google Font Fix plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30622 | 2025-04-01 | WordPress PostMash <= 1.0.3 - SQL Injection Vulnerability |
| CVE-2025-30774 | 2025-04-01 | WordPress Quiz Maker plugin <= 6.6.8.7 - SQL Injection vulnerability |
| CVE-2025-30782 | 2025-04-01 | WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability |
| CVE-2025-30793 | 2025-04-01 | WordPress Houzez Property Feed plugin <= 2.5.4 - Arbitrary File Download Vulnerability |
| CVE-2025-30794 | 2025-04-01 | WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30796 | 2025-04-01 | WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30797 | 2025-04-01 | WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulnerability |
| CVE-2025-30798 | 2025-04-01 | WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30802 | 2025-04-01 | WordPress Our Team Members plugin <= 2.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-30808 | 2025-04-01 | WordPress About Author plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30827 | 2025-04-01 | WordPress WP2LEADS plugin <= 3.4.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30834 | 2025-04-01 | WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability |
| CVE-2025-30837 | 2025-04-01 | WordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30840 | 2025-04-01 | WordPress xili-dictionary plugin <= 2.12.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30848 | 2025-04-01 | WordPress Hostel plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30849 | 2025-04-01 | WordPress Essential Real Estate plugin <= 5.2.0 - Local File Inclusion Vulnerability |
| CVE-2025-30869 | 2025-04-01 | WordPress Image Wall plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30870 | 2025-04-01 | WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability |
| CVE-2025-30876 | 2025-04-01 | WordPress Ads by WPQuads plugin <= 2.0.87.1 - SQL Injection Vulnerability |
| CVE-2025-30878 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - Arbitrary File Deletion vulnerability |
| CVE-2025-30880 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability |
| CVE-2025-30882 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.1 - Arbitrary File Download vulnerability |
| CVE-2025-30886 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - SQL Injection vulnerability |
| CVE-2025-30901 | 2025-04-01 | WordPress JS Help Desk plugin <= 2.9.2 - Local File Inclusion vulnerability |
| CVE-2025-30902 | 2025-04-01 | WordPress AEC Kiosque plugin <= 1.9.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30910 | 2025-04-01 | WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability |
| CVE-2025-30911 | 2025-04-01 | WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability |
| CVE-2025-30917 | 2025-04-01 | WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30924 | 2025-04-01 | WordPress Primer MyData for Woocommerce plugin < 4.2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30926 | 2025-04-01 | WordPress King Addons for Elementor plugin <= 24.12.58 - Broken Access Control Vulnerability |
| CVE-2025-31074 | 2025-04-01 | WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability |
| CVE-2025-31084 | 2025-04-01 | WordPress Sunshine Photo Cart <= 3.4.10 - PHP Object Injection Vulnerability |
| CVE-2025-31087 | 2025-04-01 | WordPress Multiple Shipping And Billing Address For Woocommerce <= 1.5 - PHP Object Injection Vulnerability |
| CVE-2025-31095 | 2025-04-01 | WordPress Material Dashboard <= 1.4.5 - Privilege Escalation Vulnerability |
| CVE-2025-31415 | 2025-04-01 | WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-22277 | 2025-04-01 | WordPress Vitepos plugin <= 3.1.4 - Broken Authentication vulnerability |
| CVE-2025-30971 | 2025-04-01 | WordPress XV Random Quotes plugin <= 1.40 - SQL Injection vulnerability |
| CVE-2025-31001 | 2025-04-01 | WordPress GTM Kit plugin <= 2.3.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-31024 | 2025-04-01 | WordPress RJ Quickcharts plugin <= 0.6.1 - SQL Injection vulnerability |
| CVE-2025-31409 | 2025-04-01 | WordPress Bridge Core plugin < 3.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-1986 | 2025-04-01 | Gutentor < 3.4.7 - Admin+ SQL Injection |
| CVE-2025-2048 | 2025-04-01 | Lana Downloads Manager < 1.10.0 - Admin+ Arbitrary File Download via Path Traversal |
| CVE-2024-12278 | 2025-04-01 | Booster for WooCommerce <= 7.2.5 - Unauthenticated Stored Cross-Site Scripting |