CVE-2025-31191 - Apple macOS/TVOS/iOS/iPadOS Data Access Vulnerability
CVE ID : CVE-2025-31191
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31191
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31192 - Safari Sensor Information Access Vulnerability
CVE ID : CVE-2025-31192
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31192
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31194 - "Apple macOS Shortcut Authentication Bypass"
CVE ID : CVE-2025-31194
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31194
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3037 - "yzk2356911358 StudentServlet-JSP Cross-Site Request Forgery (CSRF)"
CVE ID : CVE-2025-3037
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3037
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3038 - Code-projects Payroll Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3038
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3038
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3039 - Code-projects Payroll Management System SQL Injection Vulnerability
CVE ID : CVE-2025-3039
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3039
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3040 - Project Worlds Online Time Table Generator File Upload Vulnerability
CVE ID : CVE-2025-3040
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3040
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3059 - Drupal Profile Private Unauthenticated File Upload
CVE ID : CVE-2025-3059
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3059
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3060 - Drupal Flattern Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-3060
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3060
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3061 - "Drupal Material Admin Stored Cross-Site Scripting"
CVE ID : CVE-2025-3061
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3061
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3062 - "Drupal Admin LTE Theme Cross-Site Scripting Vulnerability"
CVE ID : CVE-2025-3062
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3062
Published : March 31, 2025, 11:15 p.m. | 1 hour, 15 minutes ago
Description : Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3041 - Project Worlds Online Time Table Generator Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-3041
Published : April 1, 2025, 12:15 a.m. | 16 minutes ago
Description : A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3041
Published : April 1, 2025, 12:15 a.m. | 16 minutes ago
Description : A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21384 - Microsoft Azure Health Bot SSRF Privilege Escalation
CVE ID : CVE-2025-21384
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21384
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3042 - Project Worlds Online Time Table Generator Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-3042
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3042
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3043 - GuoMinJim PersonManage Path Traversal Vulnerability
CVE ID : CVE-2025-3043
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3043
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3045 - "SourceCodester Apartment Visitor Management System SQL Injection"
CVE ID : CVE-2025-3045
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3045
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30672 - Mite for Perl Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-30672
Published : April 1, 2025, 2:15 a.m. | 2 hours, 16 minutes ago
Description : Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30672
Published : April 1, 2025, 2:15 a.m. | 2 hours, 16 minutes ago
Description : Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30673 - Perl Sub::HandlesVia Remote Code Execution Vulnerability
CVE ID : CVE-2025-30673
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30673
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31515 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31515
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31515
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31516 - Apache OpenOffice Unvalidated User Input
CVE ID : CVE-2025-31516
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31516
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31517 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31517
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31517
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...