1
|
- |
-
|
-
|
-
|
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
New
|
-
|
CVE-2025-29387
|
2025-03-15 02:15 |
2025-03-15 |
|
|
2
|
- |
-
|
-
|
-
|
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
New
|
-
|
CVE-2025-29386
|
2025-03-15 02:15 |
2025-03-15 |
|
|
3
|
- |
-
|
-
|
-
|
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
New
|
-
|
CVE-2025-29385
|
2025-03-15 02:15 |
2025-03-15 |
|
|
4
|
- |
-
|
-
|
-
|
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
New
|
-
|
CVE-2025-29384
|
2025-03-15 02:15 |
2025-03-15 |
|
|
5
|
- |
-
|
-
|
-
|
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or …
New
|
CWE-347
Improper verification of digital signature
|
CVE-2025-29774
|
2025-03-15 02:15 |
2025-03-15 |
|
|
6
|
- |
-
|
-
|
-
|
Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to log out the user if they input the wrong PIN more than t…
New
|
CWE-488
Exposure of data element to wrong session
|
CVE-2025-27606
|
2025-03-15 02:15 |
2025-03-15 |
|
|
7
|
- |
-
|
-
|
-
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
New
|
-
|
CVE-2025-26216
|
2025-03-15 02:15 |
2025-03-15 |
|
|
8
|
- |
-
|
-
|
-
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
New
|
-
|
CVE-2025-26215
|
2025-03-15 02:15 |
2025-03-15 |
|
|
9
|
- |
-
|
-
|
-
|
The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting mal…
New
|
-
|
CVE-2025-1888
|
2025-03-15 02:15 |
2025-03-15 |
|
|
10
|
- |
-
|
-
|
-
|
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unautho…
New
|
CWE-228
Improper handling of syntactically invalid structure
|
CVE-2024-55594
|
2025-03-15 02:15 |
2025-03-15 |
|
|
11
|
- |
-
|
-
|
-
|
The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad…
New
|
-
|
CVE-2025-1436
|
2025-03-15 02:15 |
2025-03-13 |
|
|
12
|
- |
-
|
-
|
-
|
The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains…
New
|
-
|
CVE-2025-1401
|
2025-03-15 02:15 |
2025-03-13 |
|
|
13
|
- |
-
|
-
|
-
|
The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hig…
New
|
-
|
CVE-2024-13891
|
2025-03-15 02:15 |
2025-03-13 |
|
|
14
|
- |
-
|
-
|
-
|
The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used …
New
|
-
|
CVE-2024-13885
|
2025-03-15 02:15 |
2025-03-13 |
|
|
15
|
- |
-
|
-
|
-
|
The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high…
New
|
-
|
CVE-2024-13884
|
2025-03-15 02:15 |
2025-03-13 |
|
|
16
|
- |
-
|
-
|
-
|
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variab…
Update
|
-
|
CVE-2025-27363
|
2025-03-15 02:15 |
2025-03-11 |
|
|
17
|
- |
-
|
-
|
-
|
Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function
New
|
-
|
CVE-2025-25873
|
2025-03-15 01:15 |
2025-03-15 |
|
|
18
|
- |
-
|
-
|
-
|
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function
New
|
-
|
CVE-2025-25872
|
2025-03-15 01:15 |
2025-03-15 |
|
|
19
|
- |
-
|
-
|
-
|
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function
New
|
-
|
CVE-2025-25871
|
2025-03-15 01:15 |
2025-03-15 |
|
|
20
|
- |
-
|
-
|
-
|
An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11…
New
|
CWE-532
Information exposure through log files
|
CVE-2024-40585
|
2025-03-15 01:15 |
2025-03-15 |
|
|
21
|
- |
-
|
-
|
-
|
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS com…
New
|
CWE-295
Improper certificate validation
|
CVE-2023-48785
|
2025-03-15 01:15 |
2025-03-15 |
|
|
22
|
- |
-
|
-
|
-
|
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or …
New
|
CWE-73
External control of file name or path
|
CVE-2023-45588
|
2025-03-15 01:15 |
2025-03-15 |
|
|
23
|
- |
-
|
-
|
-
|
An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows an attacker limited, unauthorized file access via…
New
|
CWE-77
Command injection
|
CVE-2023-33300
|
2025-03-15 01:15 |
2025-03-15 |
|
|
24
|
- |
-
|
-
|
-
|
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below …
New
|
CWE-89
SQL injection
|
CVE-2022-29059
|
2025-03-15 01:15 |
2025-03-15 |
|
|
25
|
- |
-
|
-
|
-
|
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pr…
New
|
-
|
CVE-2025-1487
|
2025-03-15 01:15 |
2025-03-13 |
|
|
26
|
- |
-
|
-
|
-
|
The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high pr…
New
|
-
|
CVE-2025-1486
|
2025-03-15 01:15 |
2025-03-13 |
|
|
27
|
- |
-
|
-
|
-
|
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an aut…
New
|
CWE-354
Improper validation of data integrity
|
CVE-2024-47573
|
2025-03-15 00:15 |
2025-03-15 |
|
|
28
|
- |
-
|
-
|
-
|
An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows att…
New
|
CWE-77
Command injection
|
CVE-2024-46662
|
2025-03-15 00:15 |
2025-03-15 |
|
|
29
|
5.9 |
MEDIUM
Network
|
-
|
-
|
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
New
|
CWE-327
Use of a broken or risky cryptographic algorithm
|
CVE-2024-45643
|
2025-03-15 00:15 |
2025-03-15 |
|
|
30
|
4.1 |
MEDIUM
Local
|
-
|
-
|
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
New
|
CWE-256
Plaintext storage of a password
|
CVE-2024-45638
|
2025-03-15 00:15 |
2025-03-15 |
|
|
31
|
- |
-
|
-
|
-
|
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager d…
New
|
CWE-295
Improper certificate validation
|
CVE-2024-40590
|
2025-03-15 00:15 |
2025-03-15 |
|
|
32
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: allow exp not to be removed in nf_ct_find_expectation
Currently nf_conntrack_in() calling nf_ct_find_expectation() wil…
New
|
-
|
CVE-2023-52927
|
2025-03-15 00:15 |
2025-03-15 |
|
|
33
|
- |
-
|
-
|
-
|
The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).
New
|
-
|
CVE-2025-2268
|
2025-03-14 23:15 |
2025-03-14 |
|
|
34
|
- |
-
|
-
|
-
|
Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on …
New
|
CWE-835
Infinite loop
|
CVE-2025-29776
|
2025-03-14 23:15 |
2025-03-14 |
|
|
35
|
- |
-
|
-
|
-
|
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
New
|
-
|
CVE-2025-29032
|
2025-03-14 23:15 |
2025-03-14 |
|
|
36
|
- |
-
|
-
|
-
|
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.
New
|
-
|
CVE-2025-29031
|
2025-03-14 23:15 |
2025-03-14 |
|
|
37
|
- |
-
|
-
|
-
|
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.
New
|
-
|
CVE-2025-29030
|
2025-03-14 23:15 |
2025-03-14 |
|
|
38
|
- |
-
|
-
|
-
|
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.
New
|
-
|
CVE-2025-29029
|
2025-03-14 23:15 |
2025-03-14 |
|
|
39
|
- |
-
|
-
|
-
|
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the appl…
New
|
-
|
CVE-2025-2264
|
2025-03-14 23:15 |
2025-03-14 |
|
|
40
|
- |
-
|
-
|
-
|
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the fun…
New
|
-
|
CVE-2025-2263
|
2025-03-14 23:15 |
2025-03-14 |
|
|
41
|
5.5 |
MEDIUM
Local
|
apple
|
macos iphone_os visionos watchos tvos safari
|
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may…
Update
|
NVD-CWE-noinfo
|
CVE-2024-44192
|
2025-03-14 22:52 |
2025-03-11 |
|
|
42
|
- |
-
|
-
|
-
|
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS
When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems…
New
|
-
|
CVE-2025-2304
|
2025-03-14 22:15 |
2025-03-14 |
|
|
43
|
9.8 |
CRITICAL
Network
-
|
-
|
A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A Python process calling Qiskit 0.18.0 th…
New
|
CWE-502
Deserialization of untrusted data
|
CVE-2025-2000
|
2025-03-14 22:15 |
2025-03-14 |
|
|
|
44
|
- |
-
|
-
|
-
|
The device uses a weak hashing algorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.
New
|
-
|
CVE-2025-27595
|
2025-03-14 22:15 |
2025-03-14 |
|
|
45
|
- |
-
|
-
|
-
|
The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby interc…
New
|
-
|
CVE-2025-27594
|
2025-03-14 22:15 |
2025-03-14 |
|
|
46
|
- |
-
|
-
|
-
|
The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.
New
|
-
|
CVE-2025-27593
|
2025-03-14 22:15 |
2025-03-14 |
|
|
47
|
- |
-
|
-
|
-
|
The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripti…
New
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2025-26626
|
2025-03-14 22:15 |
2025-03-14 |
|
|
48
|
- |
-
|
-
|
-
|
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by expl…
Update
|
-
|
CVE-2025-25748
|
2025-03-14 22:15 |
2025-03-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
49
|
9.8 |
CRITICAL
Network
-
|
-
|
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insuf…
New
|
CWE-269
Improper privilege management
|
CVE-2025-2232
|
2025-03-14 21:15 |
2025-03-14 |
|
|
|
50
|
7.3 |
HIGH
Network
-
|
-
|
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credential…
New
|
CWE-321
Use of hard-coded cryptographic key
|
CVE-2024-13773
|
2025-03-14 21:15 |
2025-03-14 |
|
|
|