Patch Tuesday — March 2025

2025-03-11 · 693 CVEs

CVEs published or modified the week of 2025-03-11, partitioned by vendor.

Microsoft (85 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26645 | High | 8.8 | | 2025-03-11 | Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-24056 | High | 8.8 | | 2025-03-11 | Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
CVE-2025-24051 | High | 8.8 | | 2025-03-11 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-24084 | High | 8.4 | | 2025-03-11 | Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
CVE-2025-24049 | High | 8.4 | | 2025-03-11 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-24064 | High | 8.1 | | 2025-03-11 | Use after free in DNS Server allows an unauthorized attacker to execute code over a network.
CVE-2025-24045 | High | 8.1 | | 2025-03-11 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-24035 | High | 8.1 | | 2025-03-11 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-27178 | High | 7.8 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27177 | High | 7.8 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27175 | High | 7.8 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27174 | High | 7.8 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27171 | High | 7.8 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27169 | High | 7.8 | | 2025-03-11 | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27168 | High | 7.8 | | 2025-03-11 | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27167 | High | 7.8 | | 2025-03-11 | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways.
CVE-2025-27166 | High | 7.8 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27162 | High | 7.8 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27161 | High | 7.8 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2025-27160 | High | 7.8 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27159 | High | 7.8 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27158 | High | 7.8 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-24453 | High | 7.8 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-24452 | High | 7.8 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-26630 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally.
CVE-2025-26629 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-24995 | High | 7.8 | | 2025-03-11 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-24993 | High | 7.8 | KEV | 2025-03-11 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2025-24985 | High | 7.8 | KEV | 2025-03-11 | Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
CVE-2025-24083 | High | 7.8 | | 2025-03-11 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-24082 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-24081 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-24080 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-24079 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-24077 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-24075 | High | 7.8 | | 2025-03-11 | Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-24072 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
CVE-2025-24067 | High | 7.8 | | 2025-03-11 | Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24066 | High | 7.8 | | 2025-03-11 | Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2025-24061 | High | 7.8 | | 2025-03-11 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-24059 | High | 7.8 | | 2025-03-11 | Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-24057 | High | 7.8 | | 2025-03-11 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-24050 | High | 7.8 | | 2025-03-11 | Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-24048 | High | 7.8 | | 2025-03-11 | Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-24046 | High | 7.8 | | 2025-03-11 | Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24044 | High | 7.8 | | 2025-03-11 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2025-21180 | High | 7.8 | | 2025-03-11 | Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
CVE-2025-26634 | High | 7.5 | | 2025-03-11 | Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
CVE-2025-24043 | High | 7.5 | | 2025-03-11 | Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
CVE-2025-26631 | High | 7.3 | | 2025-03-11 | Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-25003 | High | 7.3 | | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-24998 | High | 7.3 | | 2025-03-11 | Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-24994 | High | 7.3 | | 2025-03-11 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24076 | High | 7.3 | | 2025-03-11 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24053 | High | 7.2 | | 2025-03-13 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2025-23360 | High | 7.1 | | 2025-03-11 | NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write.
CVE-2025-25008 | High | 7.1 | | 2025-03-11 | Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.
CVE-2025-26633 | High | 7.0 | KEV | 2025-03-11 | Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-26627 | High | 7.0 | | 2025-03-11 | Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2025-24983 | High | 7.0 | KEV | 2025-03-11 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2025-24078 | High | 7.0 | | 2025-03-11 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-24070 | High | 7.0 | | 2025-03-11 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-21199 | Medium | 6.7 | | 2025-03-11 | Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-24988 | Medium | 6.6 | | 2025-03-11 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2025-24987 | Medium | 6.6 | | 2025-03-11 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
CVE-2025-24996 | Medium | 6.5 | | 2025-03-11 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-24986 | Medium | 6.5 | | 2025-03-11 | Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
CVE-2025-24071 | Medium | 6.5 | | 2025-03-11 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-24054 | Medium | 6.5 | KEV | 2025-03-11 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-27179 | Medium | 5.5 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2025-27176 | Medium | 5.5 | | 2025-03-11 | InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2025-27170 | Medium | 5.5 | | 2025-03-11 | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2025-27164 | Medium | 5.5 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-27163 | Medium | 5.5 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-24449 | Medium | 5.5 | | 2025-03-11 | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-24448 | Medium | 5.5 | | 2025-03-11 | Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-24431 | Medium | 5.5 | | 2025-03-11 | Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-24992 | Medium | 5.5 | | 2025-03-11 | Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
CVE-2025-24991 | Medium | 5.5 | KEV | 2025-03-11 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
CVE-2024-47109 | Medium | 5.3 | | 2025-03-10 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server, which could aid in further attacks against the system.
CVE-2025-24984 | Medium | 4.6 | KEV | 2025-03-11 | Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
CVE-2025-24997 | Medium | 4.4 | | 2025-03-11 | Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
CVE-2025-24055 | Medium | 4.3 | | 2025-03-11 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
CVE-2025-21247 | Medium | 4.3 | | 2025-03-11 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2024-52905 | Low | 2.7 | | 2025-03-10 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.

Other vendors (608 CVEs across 261 vendors)

N/a · 57 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29386 | Critical | 9.8 | | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-29385 | Critical | 9.8 | | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-29384 | Critical | 9.8 | | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-29031 | Critical | 9.8 | | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.
CVE-2025-29030 | Critical | 9.8 | | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.
CVE-2025-29029 | Critical | 9.8 | | 2025-03-14 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.
CVE-2025-25568 | Critical | 9.8 | | 2025-03-12 | SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function.
CVE-2025-25567 | Critical | 9.8 | | 2025-03-12 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function.
CVE-2025-25565 | Critical | 9.8 | | 2025-03-12 | SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions.
CVE-2025-25940 | Critical | 9.8 | | 2025-03-10 | VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.
CVE-2025-26260 | High | 8.8 | | 2025-03-12 | Plenti <= 0.7.16 is vulnerable to code execution.
CVE-2025-25711 | High | 8.8 | | 2025-03-12 | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint.
CVE-2025-25907 | High | 8.8 | | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save.
CVE-2025-25871 | High | 8.0 | | 2025-03-14 | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function.
CVE-2025-25928 | High | 8.0 | | 2025-03-11 | A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request.
CVE-2025-27910 | High | 8.0 | | 2025-03-10 | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status.
CVE-2024-51321 | High | 7.6 | | 2025-03-11 | In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication.
CVE-2025-29363 | High | 7.5 | | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo.
CVE-2025-29362 | High | 7.5 | | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList.
CVE-2025-29361 | High | 7.5 | | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg.
CVE-2025-29360 | High | 7.5 | | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg.
CVE-2025-29359 | High | 7.5 | | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo.
CVE-2025-29358 | High | 7.5 | | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg.
CVE-2025-29357 | High | 7.5 | | 2025-03-13 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg.
CVE-2025-25709 | High | 7.5 | | 2025-03-12 | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints.
CVE-2024-51319 | High | 7.3 | | 2025-03-11 | A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.
CVE-2025-2177 | High | 7.3 | | 2025-03-11 | A vulnerability classified as critical was found in libzvbi up to 0.2.43.
CVE-2025-2176 | High | 7.3 | | 2025-03-11 | A vulnerability classified as critical has been found in libzvbi up to 0.2.43.
CVE-2025-29387 | High | 7.1 | | 2025-03-14 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-25927 | Medium | 6.8 | | 2025-03-11 | A Cross-Site Request Forgery (CSRF) in Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted GET request.
CVE-2024-57062 | Medium | 6.7 | | 2025-03-13 | An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component.
CVE-2025-25363 | Medium | 6.5 | | 2025-03-13 | An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in c…
CVE-2025-25774 | Medium | 6.5 | | 2025-03-12 | An issue was discovered in Open5GS v2.7.2.
CVE-2024-55060 | Medium | 6.1 | | 2025-03-13 | A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2025-28011 | Medium | 6.1 | | 2025-03-13 | A SQL injection vulnerability in loginsystem/change-password.php of PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.
CVE-2024-57348 | Medium | 6.1 | | 2025-03-13 | Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via a crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters.
CVE-2025-29032 | Medium | 5.9 | | 2025-03-14 | Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
CVE-2025-25683 | Medium | 5.6 | | 2025-03-12 | AlekSIS-Core is vulnerable to Incorrect Access Control.
CVE-2025-25566 | Medium | 5.6 | | 2025-03-12 | Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function.
CVE-2024-29409 | Medium | 5.5 | | 2025-03-14 | File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header.
CVE-2025-25873 | Medium | 5.5 | | 2025-03-14 | Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function.
CVE-2025-25872 | Medium | 5.5 | | 2025-03-14 | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function.
CVE-2024-57492 | Medium | 5.5 | | 2025-03-10 | An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page function.
CVE-2025-27915 | Medium | 5.4 | KEV | 2025-03-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1.
CVE-2025-27914 | Medium | 5.4 | | 2025-03-12 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1.
CVE-2025-25929 | Medium | 5.4 | | 2025-03-11 | A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload inje…
CVE-2024-51322 | Medium | 5.4 | | 2025-03-11 | Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp componen…
CVE-2024-51320 | Medium | 5.4 | | 2025-03-11 | Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components.
CVE-2025-25908 | Medium | 5.4 | | 2025-03-10 | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save.
CVE-2025-28015 | Medium | 5.3 | | 2025-03-13 | An HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3.
CVE-2024-27763 | Medium | 5.3 | | 2025-03-12 | XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.
CVE-2025-2174 | Medium | 5.3 | | 2025-03-11 | A vulnerability was found in libzvbi up to 0.2.43.
CVE-2025-2173 | Medium | 5.3 | | 2025-03-11 | A vulnerability was found in libzvbi up to 0.2.43.
CVE-2025-25925 | Medium | 4.8 | | 2025-03-11 | A stored cross-site scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/short…
CVE-2024-22880 | Medium | 4.7 | | 2025-03-13 | Cross Site Scripting vulnerability in Zadarma Zadarma extension v.1.0.11 allows a remote attacker to execute arbitrary code via a crafted script to the webchat component.
CVE-2025-2215 | Medium | 4.7 | | 2025-03-12 | A vulnerability classified as critical was found in Doufox up to 0.2.0.
CVE-2025-2175 | Medium | 4.3 | | 2025-03-11 | A vulnerability was found in libzvbi up to 0.2.43.

Linux · 28 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-58087 | High | 8.1 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire. Increment the session reference count within the lock for lookup to avoid a racy issue with session expire.
CVE-2025-21863 | High | 7.8 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation. sqe->opcode is used for different tables, make sure we sanitise it against speculations.
CVE-2025-21858 | High | 7.8 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev().
CVE-2025-21856 | High | 7.8 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device. According to device_release() in /drivers/base/core.c, a device without a release function is a broken device and must b…
CVE-2025-21855 | High | 7.8 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS. Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes stat was incremented by the length of th…
CVE-2025-23242 | High | 7.3 | | 2025-03-11 | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue.
CVE-2025-23243 | Medium | 6.5 | | 2025-03-11 | NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue.
CVE-2025-21866 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC. Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-en…
CVE-2025-21865 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
CVE-2025-21864 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst. Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while running tests that boil down to: - create a…
CVE-2025-21862 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order. Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0…
CVE-2025-21861 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize(). If migration succeeded, we called folio_migrate_flags()->mem_cgroup_migrate() to migra…
CVE-2025-21859 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: f_midi: f_midi_complete to call queue_work. When using USB MIDI, a lock is attempted to be acquired twice through a re-entrant call to f_midi_transmit, causi…
CVE-2025-21857 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: fix error handling causing NULL dereference. tcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can return 1 if the allocation succeeded…
CVE-2025-21854 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected. sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_…
CVE-2025-21853 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation. We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable pe…
CVE-2025-21852 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[].
CVE-2025-21850 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: nvmet: Fix crash when a namespace is disabled. The namespace percpu counter protects pending I/O, and we can only safely disable the namespace once the counter drop to zer…
CVE-2025-21849 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Use spin_lock_irqsave() in interruptible context. spin_lock/unlock() functions used in interrupt contexts could result in a deadlock, as seen in GitLab issue…
CVE-2025-21848 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc(). Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc() to prevent null pointer dereference.
CVE-2025-21847 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data(). The nullity of sps->cstream should be checked similarly as it is done in sof_set_stream_data_offse…
CVE-2025-21846 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue. In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in cases where it is set to write to a file…
CVE-2025-21845 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure. 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`")' introduced a bug where…
CVE-2025-21844 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard(). Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_sta…
CVE-2024-58089 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed. [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a…
CVE-2024-58088 | Medium | 5.5 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage. The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced d…
CVE-2025-21860 | Low | 3.3 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: mm/zswap: fix inconsistency when zswap_store_page() fails. Commit b7c0ccdfbafd ("mm: zswap: support large folios in zswap_store()") skips charging any zswap entries when…
CVE-2025-21851 | Low | 3.3 | | 2025-03-12 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel. On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup.

Fortinet · 26 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-46662 | High | 8.8 | | 2025-03-14 | An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via spe… |
| CVE-2024-55590 | High | 8.8 | | 2025-03-11 | Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only adm… |
| CVE-2024-52961 | High | 8.8 | | 2025-03-11 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5… |
| CVE-2023-37933 | High | 8.8 | | 2025-03-11 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack vi… |
| CVE-2023-45588 | High | 8.2 | | 2025-03-14 | An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configu… |
| CVE-2023-40723 | High | 8.1 | | 2025-03-11 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1… |
| CVE-2024-45328 | High | 7.8 | | 2025-03-11 | An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low privileged administrator to execute elevated CLI commands via the GUI console menu. |
| CVE-2024-26006 | High | 7.5 | | 2025-03-14 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, ve… |
| CVE-2023-48790 | High | 7.5 | | 2025-03-11 | A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted H… |
| CVE-2024-54018 | High | 7.2 | | 2025-03-11 | Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. |
| CVE-2024-45324 | High | 7.2 | | 2025-03-11 | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0… |
| CVE-2024-46663 | Medium | 6.7 | | 2025-03-11 | A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands. |
| CVE-2024-32123 | Medium | 6.7 | | 2025-03-11 | Multiple improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14… |
| CVE-2024-40585 | Medium | 6.5 | | 2025-03-14 | An insertion of sensitive information into log file vulnerability [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4… |
| CVE-2024-47573 | Medium | 6.5 | | 2025-03-14 | An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/W… |
| CVE-2024-55594 | Medium | 5.6 | | 2025-03-14 | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafte… |
| CVE-2023-42784 | Medium | 5.6 | | 2025-03-11 | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted… |
| CVE-2024-55597 | Medium | 5.5 | | 2025-03-11 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests. |
| CVE-2023-33300 | Medium | 5.3 | | 2025-03-14 | An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows an attacker limited, unauthorized file access via specifically crafted request in inter-s… |
| CVE-2023-48785 | Medium | 4.8 | | 2025-03-14 | An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS d… |
| CVE-2024-40590 | Medium | 4.8 | | 2025-03-14 | An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMT… |
| CVE-2024-54026 | Medium | 4.3 | | 2025-03-11 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox… |
| CVE-2024-52960 | Medium | 4.3 | | 2025-03-11 | A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthori… |
| CVE-2024-33501 | Medium | 4.2 | | 2025-03-11 | Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2… |
| CVE-2024-55592 | Low | 3.8 | | 2025-03-11 | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versi… |
| CVE-2022-29059 | Low | 2.7 | | 2025-03-14 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execu… |

Siemens · 25 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-56336 | Critical | 9.8 | | 2025-03-11 | A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). |
| CVE-2025-27494 | Critical | 9.1 | | 2025-03-11 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). |
| CVE-2025-27396 | High | 8.8 | | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). |
| CVE-2025-27493 | High | 8.2 | | 2025-03-11 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). |
| CVE-2024-56182 | High | 8.2 | | 2025-03-11 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (Al… |
| CVE-2024-56181 | High | 8.2 | | 2025-03-11 | A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All… |
| CVE-2025-25175 | High | 7.8 | | 2025-03-13 | A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). |
| CVE-2025-27438 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-23402 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-23401 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-23400 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-23399 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-23398 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-23397 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-23396 | High | 7.8 | | 2025-03-11 | A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualiza… |
| CVE-2025-27395 | High | 7.2 | | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). |
| CVE-2025-27394 | High | 7.2 | | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). |
| CVE-2025-27393 | High | 7.2 | | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). |
| CVE-2025-27392 | High | 7.2 | | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). |
| CVE-2025-25266 | Medium | 6.8 | | 2025-03-11 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). |
| CVE-2025-25267 | Medium | 6.2 | | 2025-03-11 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). |
| CVE-2024-52285 | Medium | 5.3 | | 2025-03-11 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). |
| CVE-2025-27397 | Low | 3.8 | | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). |
| CVE-2025-23384 | Low | 3.7 | | 2025-03-11 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions… |
| CVE-2025-27398 | Low | 2.7 | | 2025-03-11 | A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). |

SAP SE · 19 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27434 | High | 8.8 | | 2025-03-11 | Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. |
| CVE-2025-26661 | High | 8.8 | | 2025-03-11 | Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. |
| CVE-2025-26658 | Medium | 6.8 | | 2025-03-11 | The Service Layer in SAP Business One allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. |
| CVE-2025-26659 | Medium | 6.1 | | 2025-03-11 | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-based Cross-Site Scripting (XSS) vulnerability. |
| CVE-2025-25242 | Medium | 6.1 | | 2025-03-11 | SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. |
| CVE-2025-25244 | Medium | 5.7 | | 2025-03-11 | SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. |
| CVE-2025-27431 | Medium | 5.4 | | 2025-03-11 | User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). |
| CVE-2025-23194 | Medium | 5.3 | | 2025-03-11 | SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. |
| CVE-2025-0071 | Medium | 4.9 | | 2025-03-11 | SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. |
| CVE-2025-0062 | Medium | 4.7 | | 2025-03-11 | SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. |
| CVE-2025-27436 | Medium | 4.3 | | 2025-03-11 | The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a… |
| CVE-2025-27433 | Medium | 4.3 | | 2025-03-11 | The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. |
| CVE-2025-26660 | Medium | 4.3 | | 2025-03-11 | SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. |
| CVE-2025-26656 | Medium | 4.3 | | 2025-03-11 | OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. |
| CVE-2025-23188 | Medium | 4.3 | | 2025-03-11 | An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. |
| CVE-2025-23185 | Medium | 4.1 | | 2025-03-11 | Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. |
| CVE-2025-27430 | Low | 3.5 | | 2025-03-11 | Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. |
| CVE-2025-26655 | Low | 3.1 | | 2025-03-11 | SAP Just In Time (JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the applicat… |
| CVE-2025-27432 | Low | 2.4 | | 2025-03-11 | The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. |

Adobe · 15 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27181 | High | 7.8 | | 2025-03-11 | Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-27173 | High | 7.8 | | 2025-03-11 | Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24451 | High | 7.8 | | 2025-03-11 | Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24450 | High | 7.8 | | 2025-03-11 | Substance3D - Painter versions 10.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24445 | High | 7.8 | | 2025-03-11 | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24444 | High | 7.8 | | 2025-03-11 | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24443 | High | 7.8 | | 2025-03-11 | Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24442 | High | 7.8 | | 2025-03-11 | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24441 | High | 7.8 | | 2025-03-11 | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24440 | High | 7.8 | | 2025-03-11 | Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-24439 | High | 7.8 | | 2025-03-11 | Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-27172 | High | 7.8 | | 2025-03-11 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-21169 | High | 7.8 | | 2025-03-11 | Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-27180 | Medium | 5.5 | | 2025-03-11 | Substance3D - Modeler versions 1.15.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-21170 | Medium | 5.5 | | 2025-03-11 | Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. |

Apple · 13 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-24201 | Critical | 10.0 | KEV | 2025-03-11 | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. |
| CVE-2022-43454 | High | 7.8 | | 2025-03-10 | A double free issue was addressed with improved memory management. |
| CVE-2024-54546 | High | 7.5 | | 2025-03-10 | The issue was addressed with improved memory handling. |
| CVE-2024-44227 | High | 7.5 | | 2025-03-10 | The issue was addressed with improved memory handling. |
| CVE-2024-54467 | Medium | 6.5 | | 2025-03-10 | A cookie management issue was addressed with improved state management. |
| CVE-2022-48610 | Medium | 5.5 | | 2025-03-10 | This issue was addressed through improved state management. |
| CVE-2024-54560 | Medium | 5.5 | | 2025-03-10 | A logic issue was addressed with improved checks. |
| CVE-2024-54473 | Medium | 5.5 | | 2025-03-10 | This issue was addressed with improved redaction of sensitive information. |
| CVE-2024-54469 | Medium | 5.5 | | 2025-03-10 | The issue was addressed with improved checks. |
| CVE-2024-54463 | Medium | 5.5 | | 2025-03-10 | This issue was addressed with improved entitlements. |
| CVE-2024-44192 | Medium | 5.5 | | 2025-03-10 | The issue was addressed with improved checks. |
| CVE-2024-54558 | Low | 2.8 | | 2025-03-10 | A clickjacking issue was addressed with improved out-of-process view handling. |
| CVE-2024-44179 | Low | 2.4 | | 2025-03-10 | This issue was addressed by restricting options offered on a locked device. |

Ashlar · 12 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2023 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. |
| CVE-2025-2022 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. |
| CVE-2025-2021 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. |
| CVE-2025-2020 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. |
| CVE-2025-2019 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. |
| CVE-2025-2018 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. |
| CVE-2025-2017 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability. |
| CVE-2025-2016 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability. |
| CVE-2025-2015 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. |
| CVE-2025-2014 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VS File Parsing Use of Uninitialized Variable Remote Code Execution Vulnerability. |
| CVE-2025-2013 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. |
| CVE-2025-2012 | High | 7.8 | | 2025-03-11 | Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. |

Google · 12 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-1550 | Critical | 9.8 | | 2025-03-11 | The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. |
| CVE-2025-2137 | High | 8.8 | | 2025-03-10 | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
| CVE-2025-2136 | High | 8.8 | | 2025-03-10 | Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2025-2135 | High | 8.8 | | 2025-03-10 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2025-1920 | High | 8.8 | | 2025-03-10 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2024-56191 | High | 8.4 | | 2025-03-10 | In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. |
| CVE-2024-56192 | High | 7.8 | | 2025-03-10 | In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2024-56187 | Medium | 6.6 | | 2025-03-10 | In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. |
| CVE-2024-56188 | Medium | 5.1 | | 2025-03-10 | There is a possible way to crash the modem due to a missing null check. |
| CVE-2024-56186 | Medium | 5.1 | | 2025-03-10 | In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. |
| CVE-2024-56185 | Medium | 5.1 | | 2025-03-10 | In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. |
| CVE-2024-56184 | Medium | 5.1 | | 2025-03-10 | In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. |

Autodesk · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-1652 | High | 7.8 | | 2025-03-13 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. |
| CVE-2025-1651 | High | 7.8 | | 2025-03-13 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. |
| CVE-2025-1650 | High | 7.8 | | 2025-03-13 | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. |
| CVE-2025-1649 | High | 7.8 | | 2025-03-13 | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. |
| CVE-2025-1433 | High | 7.8 | | 2025-03-13 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. |
| CVE-2025-1432 | High | 7.8 | | 2025-03-13 | A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. |
| CVE-2025-1431 | High | 7.8 | | 2025-03-13 | A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. |
| CVE-2025-1430 | High | 7.8 | | 2025-03-13 | A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. |
| CVE-2025-1429 | High | 7.8 | | 2025-03-13 | A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. |
| CVE-2025-1428 | High | 7.8 | | 2025-03-13 | A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. |
| CVE-2025-1427 | High | 7.8 | | 2025-03-13 | A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. |

Cisco · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-20138 | High | 8.8 | | 2025-03-12 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient v… |
| CVE-2025-20146 | High | 8.6 | | 2025-03-12 | A vulnerability in the Layer 3 multicast feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unaut… |
| CVE-2025-20142 | High | 8.6 | | 2025-03-12 | A vulnerability in the IPv4 access control list (ACL) feature and quality of service (QoS) policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9… |
| CVE-2025-20115 | High | 8.6 | | 2025-03-12 | A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due… |
| CVE-2025-20209 | High | 7.5 | | 2025-03-12 | A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vul… |
| CVE-2025-20141 | High | 7.4 | | 2025-03-12 | A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop worki… |
| CVE-2025-20177 | Medium | 6.7 | | 2025-03-12 | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. |
| CVE-2025-20143 | Medium | 6.7 | | 2025-03-12 | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. |
| CVE-2025-20145 | Medium | 5.8 | | 2025-03-12 | A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets a… |
| CVE-2025-20144 | Medium | 4.0 | | 2025-03-12 | A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of p… |

IBM · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2000 | Critical | 9.8 | | 2025-03-14 | A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. |
| CVE-2024-49823 | Medium | 6.5 | | 2025-03-11 | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests. |
| CVE-2024-22340 | Medium | 6.5 | | 2025-03-11 | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. |
| CVE-2024-45643 | Medium | 5.9 | | 2025-03-14 | IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. |
| CVE-2024-56338 | Medium | 4.8 | | 2025-03-11 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. |
| CVE-2024-52362 | Medium | 4.3 | | 2025-03-12 | IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a d… |
| CVE-2024-45638 | Medium | 4.1 | | 2025-03-14 | IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. |
| CVE-2024-41760 | Low | 3.7 | | 2025-03-11 | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. |

LogicalDOC · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-54449 | High | 8.8 | | 2025-03-14 | The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. |
| CVE-2024-54448 | High | 7.2 | | 2025-03-14 | The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. |
| CVE-2024-12020 | Medium | 6.1 | | 2025-03-14 | There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. |
| CVE-2024-54447 | | | | 2025-03-14 | Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. |
| CVE-2024-54446 | | | | 2025-03-14 | Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. |
| CVE-2024-54445 | | | | 2025-03-14 | Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. |
| CVE-2024-12245 | | | | 2025-03-14 | Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. |
| CVE-2024-12019 | | | | 2025-03-14 | The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. |

Aitangbao · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-2211 | Low | 2.4 | | 2025-03-11 | A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. |
| CVE-2025-2210 | Low | 2.4 | | 2025-03-11 | A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. |
| CVE-2025-2209 | Low | 2.4 | | 2025-03-11 | A vulnerability, which was classified as problematic, was found in aitangbao springboot-manager 3.0. |
| CVE-2025-2208 | Low | 2.4 | | 2025-03-11 | A vulnerability, which was classified as problematic, has been found in aitangbao springboot-manager 3.0. |
| CVE-2025-2207 | Low | 2.4 | | 2025-03-11 | A vulnerability classified as problematic was found in aitangbao springboot-manager 3.0. |
| CVE-2025-2206 | Low | 2.4 | | 2025-03-11 | A vulnerability classified as problematic has been found in aitangbao springboot-manager 3.0. |

Gitlab · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1257 | Medium | 6.5 | | 2025-03-13 | An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2.
CVE-2024-13054 | Medium | 6.5 | | 2025-03-13 | An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2.
CVE-2024-12380 | Medium | 4.4 | | 2025-03-13 | An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2.
CVE-2025-0652 | Medium | 4.3 | | 2025-03-13 | An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access con…
CVE-2024-8402 | Low | 3.7 | | 2025-03-13 | An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2.
CVE-2024-7296 | Low | 2.7 | | 2025-03-13 | An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum…

Zte · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26704 | Medium | 6.4 | | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
CVE-2025-26706 | Medium | 5.4 | | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.07.
CVE-2025-26705 | Medium | 5.3 | | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
CVE-2025-26707 | Medium | 5.3 | | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
CVE-2025-26702 | Medium | 4.9 | | 2025-03-11 | Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.
CVE-2025-26703 | Medium | 4.3 | | 2025-03-11 | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.

Apache · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24813 | Critical | 9.8 | KEV | 2025-03-10 | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
CVE-2025-27017 | Medium | 6.5 | | 2025-03-12 | Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing.
CVE-2025-27867 | Medium | 5.6 | | 2025-03-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin.
CVE-2025-29891 | Medium | 4.8 | | 2025-03-12 | Bypass/Injection vulnerability in Apache Camel.
CVE-2025-26865 | Low | 3.5 | | 2025-03-10 | Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.

Chimpgroup · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11286 | Critical | 9.8 | | 2025-03-14 | The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1.
CVE-2024-11285 | Critical | 9.8 | | 2025-03-14 | The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1.
CVE-2024-11284 | Critical | 9.8 | | 2025-03-14 | The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9.
CVE-2024-12810 | High | 8.8 | | 2025-03-14 | The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7…
CVE-2024-11283 | High | 7.5 | | 2025-03-14 | The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1.

Devolutions · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2280 | High | 8.1 | | 2025-03-13 | Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.
CVE-2025-2277 | High | 7.5 | | 2025-03-13 | Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak his SSH password due to missing password masking.
CVE-2025-2278 | Medium | 6.5 | | 2025-03-13 | Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.
CVE-2025-1636 | Medium | 6.5 | | 2025-03-13 | Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials i…
CVE-2025-1635 | Medium | 6.5 | | 2025-03-13 | Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to…

Ge Vernova · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27256 | High | 8.3 | | 2025-03-10 | Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication.
CVE-2025-27255 | High | 8.0 | | 2025-03-10 | Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation.
CVE-2025-27254 | High | 8.0 | | 2025-03-10 | CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.
CVE-2025-27257 | Medium | 6.1 | | 2025-03-10 | Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware.
CVE-2025-27253 | Medium | 6.1 | | 2025-03-10 | A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding.

Mennekes · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22370 | | | | 2025-03-11 | Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.
CVE-2025-22369 | | | | 2025-03-11 | The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
CVE-2025-22368 | | | | 2025-03-11 | The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVE-2025-22367 | | | | 2025-03-11 | The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVE-2025-22366 | | | | 2025-03-11 | The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

Palo Alto Networks · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0118 | High | 8.0 | | 2025-03-12 | A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user.
CVE-2025-0114 | High | 7.5 | | 2025-03-12 | A Denial of Service (DoS) vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software enables an unauthenticated attacker to render the service unavailable by sending a large number of specially crafted packets over a…
CVE-2025-0117 | | | | 2025-03-12 | A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM.
CVE-2025-0116 | | | | 2025-03-12 | A Denial of Service (DoS) vulnerability in Palo Alto Networks PAN-OS software causes the firewall to unexpectedly reboot when processing a specially crafted LLDP frame sent by an unauthenticated adjacent attacker.
CVE-2025-0115 | | | | 2025-03-12 | A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files.

Rising Technosoft · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29998 | | | | 2025-03-13 | This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint.
CVE-2025-29997 | | | | 2025-03-13 | This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints.
CVE-2025-29996 | | | | 2025-03-13 | This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login.
CVE-2025-29995 | | | | 2025-03-13 | This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints.
CVE-2025-29994 | | | | 2025-03-13 | This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint.

Unknown · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13885 | High | 7.1 | | 2025-03-13 | The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adm…
CVE-2024-13864 | High | 7.1 | | 2025-03-11 | The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-13574 | High | 7.1 | | 2025-03-11 | The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-13853 | Medium | 6.1 | | 2025-03-11 | The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-13580 | Medium | 4.3 | | 2025-03-11 | The XV Random Quotes WordPress plugin through 1.40 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack.

Zoom · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27440 | High | 8.5 | | 2025-03-11 | Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-27439 | High | 8.5 | | 2025-03-11 | Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-0151 | High | 8.5 | | 2025-03-11 | Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-0150 | High | 7.1 | | 2025-03-11 | Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-0149 | Medium | 6.5 | | 2025-03-11 | Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.

Changeweb · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25614 | High | 8.8 | | 2025-03-10 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
CVE-2025-25620 | Medium | 5.4 | | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVE-2025-25616 | Medium | 4.3 | | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams.
CVE-2025-25615 | Low | 2.7 | | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows viewing the attendance list for all class sections.

Hdfgroup · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2310 | Medium | 5.3 | | 2025-03-14 | A vulnerability was found in HDF5 1.14.6 and classified as critical.
CVE-2025-2309 | Medium | 5.3 | | 2025-03-14 | A vulnerability has been found in HDF5 1.14.6 and classified as critical.
CVE-2025-2308 | Medium | 5.3 | | 2025-03-14 | A vulnerability, which was classified as critical, was found in HDF5 1.14.6.
CVE-2025-2153 | Medium | 5.0 | | 2025-03-10 | A vulnerability, which was classified as critical, was found in HDF5 1.14.6.

Mrcms · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2193 | Medium | 5.4 | | 2025-03-11 | A vulnerability has been found in MRCMS 3.1.2 and classified as critical.
CVE-2025-2196 | Low | 3.5 | | 2025-03-11 | A vulnerability was found in MRCMS 3.1.2.
CVE-2025-2195 | Low | 3.5 | | 2025-03-11 | A vulnerability was found in MRCMS 3.1.2.
CVE-2025-2194 | Low | 3.5 | | 2025-03-11 | A vulnerability was found in MRCMS 3.1.2 and classified as problematic.

Santesoft · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2263 | Critical | 9.8 | | 2025-03-13 | During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password.
CVE-2025-2265 | High | 7.8 | | 2025-03-13 | The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db.
CVE-2025-2284 | High | 7.5 | | 2025-03-13 | A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".
CVE-2025-2264 | High | 7.5 | | 2025-03-13 | A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe".

Bitdefender · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13871 | High | 8.8 | | 2025-03-12 | A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490).
CVE-2024-13872 | High | 7.5 | | 2025-03-12 | Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices.
CVE-2024-13870 | Medium | 5.7 | | 2025-03-12 | An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdef…

Dataease · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27138 | Critical | 9.8 | | 2025-03-13 | DataEase is an open source business intelligence and data visualization tool.
CVE-2025-27103 | Medium | 6.5 | | 2025-03-13 | DataEase is an open source business intelligence and data visualization tool.
CVE-2025-24974 | Medium | 6.5 | | 2025-03-13 | DataEase is an open source business intelligence and data visualization tool.

Datalust · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27912 | High | 8.8 | | 2025-03-11 | An issue was discovered in Datalust Seq before 2024.3.13545.
CVE-2025-27911 | Medium | 6.5 | | 2025-03-11 | An issue was discovered in Datalust Seq before 2024.3.13545.
CVE-2024-58102 | Medium | 5.7 | | 2025-03-11 | An issue was discovered in Datalust Seq before 2024.3.13545.

Digitaldruid · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25748 | High | 7.3 | | 2025-03-11 | A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer va…
CVE-2025-25749 | High | 7.1 | | 2025-03-11 | An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.
CVE-2025-25747 | Medium | 5.4 | | 2025-03-11 | Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint.

Netapp · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25292 | Critical | 9.8 | | 2025-03-12 | ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby.
CVE-2025-25291 | Critical | 9.8 | | 2025-03-12 | ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby.
CVE-2025-29768 | Medium | 4.4 | | 2025-03-13 | Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198.

Nintex · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27925 | High | 8.5 | | 2025-03-10 | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
CVE-2025-27924 | Medium | 5.4 | | 2025-03-10 | Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.
CVE-2025-27926 | Medium | 4.3 | | 2025-03-10 | In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.

Optigo Networks · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2081 | | | | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and misleading victim clients.
CVE-2025-2080 | | | | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities…
CVE-2025-2079 | | | | 2025-03-13 | Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key.

Pagelayer · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2104 | Medium | 4.3 | | 2025-03-13 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1…
CVE-2024-13430 | Medium | 4.3 | | 2025-03-12 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient res…
CVE-2025-1926 | Medium | 4.3 | | 2025-03-10 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8.

Schneider Electric · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1960 | Critical | 9.8 | | 2025-03-12 | CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system's default password credentials have not been changed on first use.
CVE-2025-0813 | Medium | 6.8 | | 2025-03-12 | CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and inter…
CVE-2025-2002 | Medium | 6.0 | | 2025-03-12 | CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and…

Sick Ag · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27595 | Critical | 9.8 | | 2025-03-14 | The device uses a weak hashing algorithm to create the password hash.
CVE-2025-27593 | Critical | 9.3 | | 2025-03-14 | The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
CVE-2025-27594 | High | 7.5 | | 2025-03-14 | The device uses an unencrypted, proprietary protocol for communication.

Uxper · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13771 | Critical | 9.8 | | 2025-03-14 | The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4.
CVE-2024-13773 | High | 7.3 | | 2025-03-14 | The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials.
CVE-2024-13772 | Medium | 5.6 | | 2025-03-14 | The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1.

Zyxel · 3 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12010 | High | 7.2 | | 2025-03-11 | A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute ope…
CVE-2024-12009 | High | 7.2 | | 2025-03-11 | A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating sys…
CVE-2024-11253 | High | 7.2 | | 2025-03-11 | A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator…

Ami · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-54085 | Critical | 9.8 | KEV | 2025-03-11 | AMI's SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface.
CVE-2024-54084 | High | 7.5 | | 2025-03-11 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means.

Andreafarracani · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1487 | High | 7.1 | | 2025-03-13 | The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2025-1486 | High | 7.1 | | 2025-03-13 | The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Arielbrailovsky · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2107 | High | 7.5 | | 2025-03-13 | The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parame…
CVE-2025-2106 | High | 7.5 | | 2025-03-13 | The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied param…

Assimp · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2152 | Medium | 6.3 | | 2025-03-10 | A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.
CVE-2025-2151 | Medium | 6.3 | | 2025-03-10 | A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3.

Castlenet · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2213 | Low | 2.4 | | 2025-03-11 | A vulnerability was found in Castlenet CBW383G2N up to 20250301.
CVE-2025-2212 | Low | 2.4 | | 2025-03-11 | A vulnerability was found in Castlenet CBW383G2N up to 20250301.

Celk · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55199 | Medium | 5.4 | | 2025-03-10 | A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature.
CVE-2024-55198 | Medium | 5.3 | | 2025-03-13 | User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1 password recovery functionality, which allows a remote attacker to enumerate users through discrepancies in the responses.

Cmsol · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26163 | Critical | 9.8 | | 2025-03-14 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the CPF parameter.
CVE-2025-30022 | Medium | 6.8 | | 2025-03-14 | CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to contain a SQL injection via the DATANASC parameter.

Davidosipov · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29780 | | | | 2025-03-14 | Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme.
CVE-2025-29779 | | | | 2025-03-14 | Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme.

Debian · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27363 | High | 8.1 | KEV | 2025-03-11 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files.
CVE-2023-52927 | High | 7.8 | | 2025-03-14 | In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation. Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table.

Gallagher · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-41724 | High | 8.7 | | 2025-03-10 | Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server.
CVE-2024-43107 | High | 7.2 | | 2025-03-10 | Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g.

Jetbrains · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29904 | Medium | 5.3 | | 2025-03-12 | In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible.
CVE-2025-29903 | Medium | 5.2 | | 2025-03-12 | In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible.

Jwpegram · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28871 | Medium | 5.9 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n…
CVE-2025-28872 | Medium | 5.3 | | 2025-03-11 | Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through <= 2.2…

Kubernetes · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1767 | Medium | 6.5 | | 2025-03-13 | This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node.
CVE-2024-9042 | Medium | 5.9 | | 2025-03-13 | This CVE affects only Windows worker nodes.

Laravel · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13919 | High | 8.0 | | 2025-03-10 | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
CVE-2024-13918 | High | 8.0 | | 2025-03-10 | The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.

Linuxfoundation · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2148 | Medium | 5.0 | | 2025-03-10 | A vulnerability was found in PyTorch 2.6.0+cu124.
CVE-2025-2149 | Low | 2.5 | | 2025-03-10 | A vulnerability was found in PyTorch 2.6.0+cu124.

Lovecards · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2219 | High | 7.3 | | 2025-03-12 | A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical.
CVE-2025-2218 | Medium | 5.3 | | 2025-03-12 | A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical.

Mmaitre314 · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1945 | Critical | 9.8 | | 2025-03-10 | picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified.
CVE-2025-1944 | Medium | 6.5 | | 2025-03-10 | picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives.

Mozilla · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26696 | High | 7.0 | | 2025-03-10 | Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted.
CVE-2025-26695 | Medium | 5.3 | | 2025-03-10 | When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address.

Node-saml · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29775 | | | | 2025-03-14 | xml-crypto is an XML digital signature and encryption library for Node.js.
CVE-2025-29774 | | | | 2025-03-14 | xml-crypto is an XML digital signature and encryption library for Node.js.

Obiba · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27792 | | | | 2025-03-11 | Opal is OBiBa's core database application for biobanks or epidemiological studies.
CVE-2025-27101 | | | | 2025-03-11 | Opal is OBiBa's core database application for biobanks or epidemiological studies.

Opentext™ · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0884 | | | | 2025-03-12 | Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation.
CVE-2025-0883 | | | | 2025-03-12 | Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager. The vulnerability could reveal sensitive information retained by the browser.

Philips · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2230 | High | 7.7 | | 2025-03-13 | A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass.
CVE-2025-2229 | High | 7.7 | | 2025-03-13 | A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

Red Hat · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8176 | High | 7.5 | | 2025-03-14 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents.
CVE-2025-2240 | High | 7.5 | | 2025-03-12 | A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue.

Rivercitygraphix · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1436 | High | 7.1 |  | 2025-03-13 | The Limit Bio WordPress plugin through 1.0 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-13884 | High | 7.1 |  | 2025-03-13 | The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Shanebp · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28874 | Medium | 6.5 |  | 2025-03-11 | Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templa…
CVE-2025-28875 | Medium | 5.9 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a thro…

Themeum · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1508 | Medium | 5.3 |  | 2025-03-12 | The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.14.
CVE-2024-13228 | Medium | 4.3 |  | 2025-03-11 | The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'.

Umbraco · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27602 | Medium | 4.9 |  | 2025-03-11 | Umbraco is a free and open source .NET content management system.
CVE-2025-27601 | Medium | 4.3 |  | 2025-03-11 | Umbraco is a free and open source .NET content management system.

Xmlsoft · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24855 | High | 7.8 |  | 2025-03-14 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored.
CVE-2024-55549 | High | 7.8 |  | 2025-03-14 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

Zzskzy · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2217 | Medium | 6.3 |  | 2025-03-12 | A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 1.3.
CVE-2025-2216 | Medium | 6.3 |  | 2025-03-12 | A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3.

1e · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1683 | High | 7.8 |  | 2025-03-12 | Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbo…

274056675 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2320 | High | 7.3 |  | 2025-03-14 | A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical.

A. Chappard · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28927 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in A.

A. Jones · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28918 | Medium | 6.5 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A.

A2rocklobster · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28892 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync ftp-sync allows Stored XSS. This issue affects FTP Sync: from n/a through <= 1.1.6.

Abocms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2021-37787 | Medium | 6.5 |  | 2025-03-11 | The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via an HTTP POST request to the TinyMCE module.

Aftab Ali Muni · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28913 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item wp-add-active-class-to-menu-item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through <=…

Agpt · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22603 | High | 8.1 |  | 2025-03-10 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows.

Ajay Sharma · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28914 | Medium | 5.9 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Sharma wordpress login form to anywhere wp-show-login-form allows Stored XSS. This issue affects wordpress login form to anywhere: fr…

Akshar Soft Solutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28896 | Medium | 4.7 |  | 2025-03-11 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin as-english-admin allows Phishing. This issue affects AS English Admin: from n/a through <= 1.0.0.

Amentotech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13446 | Critical | 9.8 |  | 2025-03-12 | The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5.

Amocrm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28870 | Medium | 6.5 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through <= 1.1.

Analyticswp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13321 | High | 7.5 |  | 2025-03-14 | The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function.

Anps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13376 | High | 8.8 |  | 2025-03-14 | The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and…

Apppresser · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1561 | High | 7.2 |  | 2025-03-13 | The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping.

Archer · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27893 | Low | 1.8 |  | 2025-03-11 | In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?…

Areal Sas · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1434 | Medium | 6.1 |  | 2025-03-11 | The Spreadsheet view is vulnerable to an XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet.

Arkapravamajumder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28940 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top backtotop allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through <= 2.0.

Aumsrini · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28879 | Medium | 6.5 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider bee-layer-slider allows Stored XSS. This issue affects Bee Layer Slider: from n/a through <= 1.1.

Avid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-26290 |  |  |  | 2025-03-12 | Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating sy…

Babel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27789 | Medium | 6.2 |  | 2025-03-11 | Babel is a compiler for writing next generation JavaScript.

Bcs Website Solutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28932 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS. This issue affects Insert Code: from n/a through <= 2.4.

Beeteam368 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0955 | Medium | 5.3 |  | 2025-03-14 | The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5.

Beijing Zhide Intelligent Internet Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2147 | Medium | 5.3 |  | 2025-03-10 | A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0.

Benjamin Pick · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28902 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button…

Bhzad · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28861 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through <= 0.1.0.

Bjoern · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28938 | Medium | 4.3 |  | 2025-03-11 | Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through <= 2.5.3.

Bmc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-34398 | Medium | 4.2 |  | 2025-03-12 | An issue was discovered in BMC Remedy Mid Tier 7.6.04.

Brechtvds · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1503 | Medium | 6.4 |  | 2025-03-13 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping.

Canvg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25977 | Critical | 9.8 |  | 2025-03-10 | An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.

Carlos Minatti · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28863 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image delete-original-image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through <= 0.4.

Chaser324 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28905 | High | 7.1 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid featured-posts-grid allows Stored XSS. This issue affects Featured Posts Grid: from n/a through <= 1.7.

Claro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2191 | Low | 2.4 |  | 2025-03-11 | A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817.

Clearcodehq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1559 | Medium | 6.4 |  | 2025-03-13 | The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied…

Cmsmasters · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0952 | High | 8.1 |  | 2025-03-14 | The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX…

Codename065 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1785 | Medium | 5.4 |  | 2025-03-13 | The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action.

Codevibrant · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28859 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice maintenance-notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through <= 1.0.6.

Concrete Cms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0660 | Medium | 4.8 |  | 2025-03-10 | Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security te…

Condenast · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28868 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe ziplist-recipe-plugin allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through <= 3.1.

Creativemindssolutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2166 | Medium | 6.1 |  | 2025-03-14 | The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and…

Croixhaug · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1119 | High | 7.3 |  | 2025-03-13 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5.

Cyclopsmc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27107 |  |  |  | 2025-03-13 | Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics.

Dangrossman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28856 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1.

Dell · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-21104 | Medium | 4.3 |  | 2025-03-13 | Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains a URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console.

Demergent-labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29776 |  |  |  | 2025-03-14 | Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP.

Detheme · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1526 | Medium | 6.4 |  | 2025-03-14 | The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and out…

Devitemsllc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1527 | Medium | 6.4 |  | 2025-03-12 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown modul…

Devrix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28931 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags wp-hashtags allows Stored XSS. This issue affects Hashtags: from n/a through <= 0.3.2.

Djeet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12589 | Medium | 6.4 |  | 2025-03-12 | The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input s…

Duogeek · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2077 | Medium | 6.1 |  | 2025-03-12 | The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping.

Eclipse · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10838 | Critical | 9.1 |  | 2025-03-12 | An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory.

Edwardw · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28909 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question wp-no-bot-question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through <= 0.1.7.

Element · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27606 | Medium | 5.1 |  | 2025-03-14 | Element Android is an Android Matrix Client provided by Element.

Espressif · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53406 | High | 8.8 |  | 2025-03-13 | Espressif ESP-IDF v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass.

Evisions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-53307 | Medium | 5.4 |  | 2025-03-10 | A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

Facebook · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27591 | Medium | 6.8 |  | 2025-03-11 | A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below.

Fastmover · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28887 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column plugins-last-updated-column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through <= 0.1.3.

Flarum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27794 | Medium | 6.8 |  | 2025-03-12 | Flarum is open-source forum software.

Forsyspress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13836 | High | 7.1 |  | 2025-03-11 | The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Frazahmed · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13413 | Medium | 6.1 |  | 2025-03-11 | The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘res’ parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping.

Freshface · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26936 | Critical | 10.0 |  | 2025-03-10 | Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injection. This issue affects Fresh Framework: from n/a through <= 1.70.0.

Froxlor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29773 | Medium | 5.8 |  | 2025-03-13 | Froxlor is open-source server administration software.

Frucomerci · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28894 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress list-posts-by-category allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a…

Fs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25625 | Medium | 5.4 |  | 2025-03-13 | A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d_118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on u…

Ftcms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2133 | Low | 2.4 |  | 2025-03-10 | A vulnerability classified as problematic was found in ftcms 2.1.

Gallagherwebsitedesign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0629 | Medium | 4.8 |  | 2025-03-11 | The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the u…

Gkdv · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2078 | Medium | 4.4 |  | 2025-03-12 | The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping.

Glpi-project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26626 | Medium | 6.5 |  | 2025-03-14 | The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package.

Gnarf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2076 | Medium | 4.4 |  | 2025-03-12 | The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping.

Go-vela · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27616 | High | 8.5 |  | 2025-03-10 | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang.

Golang.org/x/net · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22870 | Medium | 4.4 |  | 2025-03-12 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component.

Gtbabel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11638 | High | 8.8 |  | 2025-03-10 | The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog which could allow unauthenticated attackers to retrieve a logged in user (such as admin) cookies by making them open a…

Hashicorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1296 | Medium | 6.5 |  | 2025-03-10 | Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs.

Hcl Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-30143 | Medium | 4.3 |  | 2025-03-13 | HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory.

Hgiga · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2150 | Medium | 5.4 |  | 2025-03-10 | The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when the…

Hiddenpearls · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1764 | High | 7.5 |  | 2025-03-14 | The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1.

Hieu Nguyen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28925 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Hieu Nguyen WATI Chat and Notification wati-chat-and-notification allows Stored XSS. This issue affects WATI Chat and Notification: from n/a through <= 1.1.2.

Hillstone Networks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2239 | Medium | 5.3 |  | 2025-03-12 | Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall. This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.

Hp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2268 | High | 7.5 |  | 2025-03-14 | The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).

Ikm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25382 | High | 7.5 |  | 2025-03-10 | An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.

Inovalogic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25598 | High | 8.8 |  | 2025-03-13 | Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task.

Instawp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13913 | High | 8.8 |  | 2025-03-14 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83.

Iqonic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26910 | High | 7.1 |  | 2025-03-10 | Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit wpbookit allows Stored XSS. This issue affects WPBookit: from n/a through <= 1.0.1.

Irontemplates · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2103 | High | 8.8 |  | 2025-03-14 | The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ironMusic_ajax() function in all versions up to, and including, 1.6.1…

Issuetrak · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2271 | High | 7.7 |  | 2025-03-13 | A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access audit results of other users by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in the Issuetrak audit component.

Italtel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28803 | Medium | 6.1 |  | 2025-03-13 | Cross-site scripting (XSS) vulnerability in Italtel S.p.A.

Ivanti · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22454 | High | 7.8 |  | 2025-03-11 | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

Jazzigor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28891 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc price-calc allows Stored XSS. This issue affects price-calc: from n/a through <= 0.6.3.

Jitbit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29771 |  |  |  | 2025-03-14 | HtmlSanitizer is a client-side HTML Sanitizer.

Jogesh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28920 | Medium | 5.3 |  | 2025-03-11 | Missing Authorization vulnerability in Jogesh Responsive Google Map responsive-google-map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through <= 3.1.5.

Johndarrel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2056 | High | 7.5 |  | 2025-03-14 | The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function.

Jonschlinkert · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25975 | High | 7.5 |  | 2025-03-12 | An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function.

Joomla! Project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22213 |  |  |  | 2025-03-11 | Inadequate checks in the Media Manager allowed users with "edit" privileges to change a file's extension to an arbitrary extension, including .php and other potentially executable extensions.

Jouni Malinen · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24912 | Low | 3.7 |  | 2025-03-12 | hostapd fails to process crafted RADIUS packets properly.

Juniper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-21590 | Medium | 4.4 | KEV | 2025-03-12 | An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.

Koha · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-22954 | Critical | 10.0 |  | 2025-03-12 | GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.

Labredescefetrj · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29782 | Medium | 5.4 |  | 2025-03-14 | WeGIA is a Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17.

Lavacode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28937 | Medium | 5.9 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search lava-ajax-search allows Stored XSS. This issue affects Lava Ajax Search: from n/a through <= 1.1.9.

Leica Biosystems · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1888 | Medium | 4.6 |  | 2025-03-14 | The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS).

Lf-edge · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52812 | Medium | 5.4 |  | 2025-03-10 | LF Edge eKuiper is an internet-of-things data analytics and stream processing engine.

Librasean · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-28607 | Low | 2.9 |  | 2025-03-11 | The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

Lsc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25680 | High | 7.7 |  | 2025-03-11 | LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process.

Martin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28883 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables wp-compare-tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through <= 1.0.5.

Maxfoundry · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28933 | High | 7.1 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B maxab allows Stored XSS. This issue affects MaxA/B: from n/a through <= 2.2.2.

Mg12 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28881 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes wp-mobile-themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through <= 1.1.1.

Microweber · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2214 | Low | 3.5 |  | 2025-03-12 | A vulnerability was found in Microweber 2.0.19.

Misskey · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25306 | Critical | 9.3 |  | 2025-03-10 | Misskey is an open source, federated social media platform.

Mljar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1497 | Critical | 9.8 |  | 2025-03-10 | A vulnerability that could result in Remote Code Execution (RCE) has been found in PlotAI.

Modx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28010 | Medium | 5.4 |  | 2025-03-13 | A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0.

Mogify Infotech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2189 |  |  |  | 2025-03-11 | This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware.

Mooveagency · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2205 | Medium | 4.4 |  | 2025-03-12 | The GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice – CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insuffic…

Muntasir Rahman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28912 | Medium | 4.3 |  | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page custom-dashboard-page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through <= 1.0.

Mylo2h2s · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28943 | Medium | 5.9 |  | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator - Missing ALT manager dp-alterminator-missing-alt-manager allows Stored XSS. This issue affects DP ALTerminator -…

Naren · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28901 | High | 7.1 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users members-page-only-for-logged-in-users allows Stored XSS. This issue affects Members page only for logged in users: from n/a through <= 1.4.2.

Nitin Prakash · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26933 | High | 7.5 | | 2025-03-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion. This issue…

Odyssey · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2220 | Low | 3.3 | | 2025-03-12 | A vulnerability was found in Odyssey CMS up to 10.34.

Ohtan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28941 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye spam-byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through <= 2.2.4.

Omniauth · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25293 | High | 7.5 | | 2025-03-12 | ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby.

Omnipressteam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13407 | Medium | 4.3 | | 2025-03-14 | The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included.

Otrs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24387 | Medium | 4.8 | | 2025-03-10 | A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions.

Owen2345 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2304 | | | | 2025-03-14 | A Privilege Escalation through a Mass Assignment exists in Camaleon CMS. When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called.

Passbolt · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27913 | High | 7.5 | | 2025-03-10 | Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header.

Pdf-xchange · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-0900 | Low | 3.3 | | 2025-03-11 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability.

Percona · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26701 | Critical | 10.0 | | 2025-03-11 | An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova.

Perl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1828 | High | 8.8 | | 2025-03-11 | Crypt::Random Perl package 1.05 through 1.55 may use the rand() function, which is not cryptographically strong, for cryptographic functions.

Philippe · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28923 | High | 7.1 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in philippe No Disposable Email no-disposable-email allows Stored XSS. This issue affects No Disposable Email: from n/a through <= 2.5.1.

Pimcore · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27617 | High | 8.8 | | 2025-03-11 | Pimcore is an open source data and experience management platform.

Pipdig · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28908 | Medium | 5.9 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus pipdisqus allows Stored XSS. This issue affects pipDisqus: from n/a through <= 1.6.

Pixflow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26916 | Critical | 9.0 | | 2025-03-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynamic. This issue affects Massive Dynamic: from n/a through <= 8.2.

Planetstudio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28864 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in planetstudio Builder for Contact Form 7 by Webconstruct cf7-builder allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through <= 1.2…

Pluginus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1661 | Critical | 9.8 | | 2025-03-11 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action.

Popeating · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28926 | Medium | 5.9 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time post-read-time allows Stored XSS. This issue affects Post Read Time: from n/a through <= 1.2.6.

Potenzaglobalsolutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13824 | Critical | 9.8 | | 2025-03-14 | The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_co…

Ppdpurveyor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28860 | High | 7.1 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator google-news-editors-picks-news-feeds allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through <=…

Purethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2232 | Critical | 9.8 | | 2025-03-14 | The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8.

Rack · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27610 | High | 7.5 | | 2025-03-10 | Rack provides an interface for developing web applications in Ruby.

Rahul Arora · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28907 | Medium | 5.9 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahul Arora WP Last Modified wp-last-modified allows Stored XSS. This issue affects WP Last Modified: from n/a through <= 0.1.

Rajesh Kumar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28884 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator wp-bulk-post-duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through <= 1.2.

Rankchecker · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28857 | High | 7.1 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration rankchecker-io-integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through <= 1.0.9.

Ratify-project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27403 | | | | 2025-03-11 | Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates.

Ravinder Khurana · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28910 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar wp-hide-admin-bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through <= 2.0.

Realmag777 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2169 | High | 7.3 | | 2025-03-11 | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4.

Rmosolgo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27407 | Critical | 9.0 | | 2025-03-12 | graphql-ruby is a Ruby implementation of GraphQL.

Robothy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27136 | | | | 2025-03-10 | LocalS3 is an Amazon S3 mock service for testing and local development.

Rodolphe Moulin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28930 | Medium | 6.5 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodolphe MOULIN List Mixcloud list-mixcloud allows Stored XSS. This issue affects List Mixcloud: from n/a through <= 1.4.

Ruby · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27788 | High | 7.5 | | 2025-03-12 | JSON is a JSON implementation for Ruby.

S-a · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1401 | High | 7.1 | | 2025-03-13 | The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

S3bubble · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13862 | High | 7.1 | | 2025-03-11 | The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could b…

Sakurapixel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28936 | Medium | 5.9 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar lunar-sell-photos-online allows Stored XSS. This issue affects Lunar: from n/a through <= 1.3.0.

Samsung · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2233 | High | 8.8 | | 2025-03-11 | Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability.

Sap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25245 | Medium | 5.4 | | 2025-03-11 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured.

Scheduler · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13891 | High | 7.1 | | 2025-03-13 | The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Search & Filter · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1528 | Medium | 4.3 | | 2025-03-14 | The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19.

Sendquick · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26312 | | | | 2025-03-14 | SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter.

Servmask · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10942 | High | 7.5 | | 2025-03-13 | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function.

Sharethis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1507 | Medium | 5.3 | | 2025-03-14 | The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1.

Shellbot · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28919 | Medium | 6.5 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shellbot Easy Image Display easy-image-display allows Stored XSS. This issue affects Easy Image Display: from n/a through <= 1.2.5.

Simplesamlphp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27773 | High | 8.6 | | 2025-03-11 | The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality.

Skrill · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28876 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official official-skrill-woocommerce allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through <= 1.0.66.

Smartdatasoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1285 | Medium | 5.3 | | 2025-03-14 | The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6.

Smerriman · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28866 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger login-logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through <= 1.2.1.

Sminozzi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2250 | Medium | 4.9 | | 2025-03-13 | The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.32 due to insufficient escaping on…

Snowflake · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27496 | Low | 3.3 | | 2025-03-13 | Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver.

Socialsnap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13615 | Low | 3.5 | | 2025-03-11 | The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p…

Stesvis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28867 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter frontpage-category-filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through <= 1.0.2.

Steveorevo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28897 | High | 7.1 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme domain-theme allows Stored XSS. This issue affects Domain Theme: from n/a through <= 1.3.

Stoque · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2192 | Medium | 4.3 | | 2025-03-11 | A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24.

Str4d · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2020-36843 | Medium | 4.3 | | 2025-03-13 | The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property.

Strategy11team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13887 | Medium | 5.3 | | 2025-03-13 | The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function…

Suman Biswas · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28895 | High | 7.1 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suman Biswas Custom top bar custom-top-bar allows Stored XSS. This issue affects Custom top bar: from n/a through <= 2.1.

Synaptics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9157 | High | 7.8 | | 2025-03-11 | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process.

Tapandsign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-12604 | Medium | 6.5 | | 2025-03-10 | Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misus…

Techlabpro1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1707 | High | 8.8 | | 2025-03-11 | The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta.

Tecno · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2190 | High | 8.1 | | 2025-03-11 | The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.

Terence D. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28922 | High | 7.1 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Terence D.

Theme Egg · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28915 | Critical | 9.1 | | 2025-03-11 | Unrestricted Upload of File with Dangerous Type vulnerability in Theme Egg ThemeEgg ToolKit themeegg-toolkit allows Upload a Web Shell to a Web Server. This issue affects ThemeEgg ToolKit: from n/a through <= 1.2.9.

Thiago S.f. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28906 | Medium | 5.9 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thiago S.F.

Tianocore · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2295 | Low | 3.5 | | 2025-03-14 | EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means.

Umati · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27615 | High | 8.2 | | 2025-03-10 | umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages.

Uncannyowl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13838 | Medium | 5.5 | | 2025-03-12 | The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Autom…

Vcita · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13703 | Medium | 4.3 | | 2025-03-13 | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.5.

Venugopal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28862 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover remove-date-and-gravatar-under-comment allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through…

Vivek Marakana · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28929 | Medium | 6.5 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vivek Marakana Tabbed Login Widget tabbed-login allows Stored XSS. This issue affects Tabbed Login Widget: from n/a through <= 1.1.2.

Webaways · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13498 | Medium | 5.3 | | 2025-03-12 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing pre…

Webgarb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28900 | High | 7.1 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro tabgarb allows Stored XSS. This issue affects TabGarb Pro: from n/a through <= 2.6.

Wedevs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-13436 | Medium | 6.1 | | 2025-03-11 | The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2.

Whyun · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2221 | High | 7.5 | | 2025-03-14 | The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient p…

Will Brubaker · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28878 | Medium | 5.9 | | 2025-03-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys awesome-surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through <= 2.0.10.

Xerox · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1984 | Medium | 5.2 | | 2025-03-12 | Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.

Xjb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-28886 | Medium | 4.3 | | 2025-03-11 | Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram rest-api-to-miniprogram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through <= 5.1.2.

Zozothemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2289 | Medium | 4.3 | | 2025-03-14 | The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9.