199 matches found
CVE-2025-70030
CVE-2025-70030 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-1333: Inefficient Regular Expression Complexity, caused by complex regexes in the portal that can lead to performance degradation (absence of confidentiality/integrity impact, but availability impact is high). The CVSSv3...
sunbird-portal 安全漏洞
sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability, which stems from the inefficiency of regular expressions, potentially leading to regular expression denial-of-service attacks...
CVE-2025-70031
CVE-2025-70031 describes a CSRF (CWE-352) in the Sunbird-Ed SunbirdEd-portal v1.13.4. The vulnerability is identified across multiple feeds (NVD, Red Hat, ENISA EUVD, CVE catalogs) with a CVSSv3.1 base score of 8.8 (HIGH), indicating a high-impact issue. Affected product: SunbirdEd-portal (Sunbir...
CVE-2025-70032
Sunbird-Ed SunbirdEd-portal 1.13.4 is affected by CVE-2025-70032, a CWE-601 URL redirection to an untrusted site. The issue is publicly documented across multiple feeds (NVD/Red Hat/EUVD/OSV) with the affected product/version explicitly named as SunbirdEd-portal v1.13.4. The CVSSv3.1 base score i...
CVE-2025-70028
Sunbird-Ed SunbirdEd-portal v1.13.4 is affected by CVE-2025-70028 (path traversal). The issue stems from CWE-22: Improper Limitation of a Pathname to a Restricted Directory. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH) with Network attack vector, no privileges or user interaction requ...
CVE-2025-70030
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
CVE-2025-70032
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
CVE-2025-70028
An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
CVE-2025-70031
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
sunbird-portal 安全漏洞
sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability. This vulnerability stems from the application disabling TLS/SSL certificate verification by setting rejectUnauthorized to false, which may allow attackers to obtain...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
CVE-2025-70029
CVE-2025-70029 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is that TLS/SSL certificate validation is disabled by setting 'rejectUnauthorized': false in HTTP request options, which can lead to information exposure. The CVSS 3.1 vector indicates Network access with low attack complexity ...
CVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...
CVE-2025-55703
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...
CVE-2025-55703
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...
CVE-2025-55703
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...
Sunbird Power IQ 安全漏洞
Sunbird Power IQ is a data center infrastructure management software from Sunbird, USA. A security vulnerability exists in Sunbird Power IQ version 9.2.0 that stems from an outdated API endpoint that does not properly validate input and could lead to manipulation of SQL queries...