CVE-2025-30469 - Apple iOS Lock Screen Photo Access Vulnerability
CVE ID : CVE-2025-30469
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30469
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30470 - Apple VisionOS Path Traversal Vulnerability
CVE ID : CVE-2025-30470
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30470
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30471 - Apple VisionOS/OS Denial of Service Validation Vulnerability
CVE ID : CVE-2025-30471
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30471
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31182 - Apple VisionOS Symlink Privilege Escalation Vulnerability
CVE ID : CVE-2025-31182
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31182
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31183 - Apple macOS Sonoma iOS iPadOS tvOS macOS Sequoia Data Container Access Weakness
CVE ID : CVE-2025-31183
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31183
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31184 - Apple Safari Local Network Access Privilege Escalation
CVE ID : CVE-2025-31184
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31184
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31187 - Apple macOS File System Protection Vulnerability (Code Execution)
CVE ID : CVE-2025-31187
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31187
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31188 - Apple macOS App Privacy Bypass (Race Condition)
CVE ID : CVE-2025-31188
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to bypass Privacy preferences.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31188
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to bypass Privacy preferences.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31191 - Apple macOS/TVOS/iOS/iPadOS Data Access Vulnerability
CVE ID : CVE-2025-31191
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31191
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31192 - Safari Sensor Information Access Vulnerability
CVE ID : CVE-2025-31192
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31192
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31194 - "Apple macOS Shortcut Authentication Bypass"
CVE ID : CVE-2025-31194
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31194
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3037 - "yzk2356911358 StudentServlet-JSP Cross-Site Request Forgery (CSRF)"
CVE ID : CVE-2025-3037
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3037
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3038 - Code-projects Payroll Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3038
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3038
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3039 - Code-projects Payroll Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3039
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3039
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3040 - Project Worlds Online Time Table Generator File Upload Vulnerability
CVE ID : CVE-2025-3040
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3040
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3059 - Drupal Profile Private Unauthenticated File Upload
CVE ID : CVE-2025-3059
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3059
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3060 - Drupal Flattern Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-3060
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3060
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3061 - "Drupal Material Admin Stored Cross-Site Scripting"
CVE ID : CVE-2025-3061
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3061
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3062 - "Drupal Admin LTE Theme Cross-Site Scripting Vulnerability"
CVE ID : CVE-2025-3062
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3062
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3041 - Project Worlds Online Time Table Generator Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-3041
Published : April 1, 2025, 12:15 a.m. | 16 minutes ago
Description : A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3041
Published : April 1, 2025, 12:15 a.m. | 16 minutes ago
Description : A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21384 - Microsoft Azure Health Bot SSRF Privilege Escalation
CVE ID : CVE-2025-21384
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21384
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...