CVE-2025-21384 - Microsoft Azure Health Bot SSRF Privilege Escalation
CVE ID : CVE-2025-21384
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21384
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3042 - Project Worlds Online Time Table Generator Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-3042
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3042
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3043 - GuoMinJim PersonManage Path Traversal Vulnerability
CVE ID : CVE-2025-3043
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3043
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3045 - "SourceCodester Apartment Visitor Management System SQL Injection"
CVE ID : CVE-2025-3045
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3045
Published : April 1, 2025, 1:15 a.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30672 - Mite for Perl Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-30672
Published : April 1, 2025, 2:15 a.m. | 2 hours, 16 minutes ago
Description : Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30672
Published : April 1, 2025, 2:15 a.m. | 2 hours, 16 minutes ago
Description : Mite for Perl before 0.013000 generates code with the current working directory ('.') added to the @INC path similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. This affects the Mite distribution itself, and other distributions that contain code generated by Mite.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30673 - Perl Sub::HandlesVia Remote Code Execution Vulnerability
CVE ID : CVE-2025-30673
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30673
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Sub::HandlesVia uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31515 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31515
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31515
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31516 - Apache OpenOffice Unvalidated User Input
CVE ID : CVE-2025-31516
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31516
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31517 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31517
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31517
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31518 - Apache Web Server Cross-Site Request Forgery
CVE ID : CVE-2025-31518
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31518
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31519 - Citrix NetScaler Denial of Service
CVE ID : CVE-2025-31519
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31519
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31520 - VMware VMFS File System Directory Traversal
CVE ID : CVE-2025-31520
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31520
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31521 - Apache HTTP Server Remote Code Execution Vulnerability
CVE ID : CVE-2025-31521
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31521
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31522 - Apache HTTP Server XML Entity Injection
CVE ID : CVE-2025-31522
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31522
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31523 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-31523
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31523
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3051 - Linux::Statm::Tiny Remote Code Execution Vulnerability
CVE ID : CVE-2025-3051
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3051
Published : April 1, 2025, 3:15 a.m. | 1 hour, 16 minutes ago
Description : Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0416 - Valmet DNA DCOM Privilege Escalation Vulnerability
CVE ID : CVE-2025-0416
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0416
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0417 - Valmet DNA Operate Brute Force Authentication Bypass
CVE ID : CVE-2025-0417
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0417
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0418 - Valmet DNA Plain Text Password Vulnerability
CVE ID : CVE-2025-0418
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0418
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1534 - Payara Platform Payara Server Cross-site Scripting Remote Code Inclusion
CVE ID : CVE-2025-1534
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1534
Published : April 1, 2025, 4:15 a.m. | 15 minutes ago
Description : CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30886 - JoomSky JS Help Desk SQL Injection
CVE ID : CVE-2025-30886
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30886
Published : April 1, 2025, 6:15 a.m. | 2 hours, 15 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...