Lucene search
K

199 matches found

CVE
CVE
added 2026/03/09 12:0 a.m.10 views

CVE-2025-70030

CVE-2025-70030 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-1333: Inefficient Regular Expression Complexity, caused by complex regexes in the portal that can lead to performance degradation (absence of confidentiality/integrity impact, but availability impact is high). The CVSSv3...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.7 views

sunbird-portal 安全漏洞

sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability, which stems from the inefficiency of regular expressions, potentially leading to regular expression denial-of-service attacks...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References4
CVE
CVE
added 2026/03/09 12:0 a.m.10 views

CVE-2025-70031

CVE-2025-70031 describes a CSRF (CWE-352) in the Sunbird-Ed SunbirdEd-portal v1.13.4. The vulnerability is identified across multiple feeds (NVD, Red Hat, ENISA EUVD, CVE catalogs) with a CVSSv3.1 base score of 8.8 (HIGH), indicating a high-impact issue. Affected product: SunbirdEd-portal (Sunbir...

8.8CVSS5.8AI score0.00155EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/09 12:0 a.m.12 views

CVE-2025-70032

Sunbird-Ed SunbirdEd-portal 1.13.4 is affected by CVE-2025-70032, a CWE-601 URL redirection to an untrusted site. The issue is publicly documented across multiple feeds (NVD/Red Hat/EUVD/OSV) with the affected product/version explicitly named as SunbirdEd-portal v1.13.4. The CVSSv3.1 base score i...

6.1CVSS5.8AI score0.00239EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/09 12:0 a.m.10 views

CVE-2025-70028

Sunbird-Ed SunbirdEd-portal v1.13.4 is affected by CVE-2025-70028 (path traversal). The issue stems from CWE-22: Improper Limitation of a Pathname to a Restricted Directory. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH) with Network attack vector, no privileges or user interaction requ...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/09 12:0 a.m.5 views

CVE-2025-70030

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References5
OSV
OSV
added 2026/03/09 12:0 a.m.5 views

CVE-2025-70032

An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

6.1CVSS5.8AI score0.00239EPSS
Exploits0References5
OSV
OSV
added 2026/03/09 12:0 a.m.6 views

CVE-2025-70028

An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References5
OSV
OSV
added 2026/03/09 12:0 a.m.5 views

CVE-2025-70031

An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

8.8CVSS5.8AI score0.00155EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.7 views

CVE-2025-70029

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...

7.5CVSS5.5AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 6:16 p.m.5 views

CVE-2025-70029

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...

7.5CVSS0.00282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.2 views

CVE-2025-70029

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...

5.5AI score0.00282EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

sunbird-portal 安全漏洞

sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability. This vulnerability stems from the application disabling TLS/SSL certificate verification by setting rejectUnauthorized to false, which may allow attackers to obtain...

7.5CVSS5.8AI score0.00282EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.24 views

CVE-2025-70029

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...

0.00282EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 12:0 a.m.19 views

CVE-2025-70029

CVE-2025-70029 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is that TLS/SSL certificate validation is disabled by setting 'rejectUnauthorized': false in HTTP request options, which can lead to information exposure. The CVSS 3.1 vector indicates Network access with low attack complexity ...

7.5CVSS5.5AI score0.00282EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 12:0 a.m.4 views

CVE-2025-70029

An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options...

5.5AI score0.00282EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/16 12:25 a.m.4 views

CVE-2025-55703

An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...

3.3CVSS8.2AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2025/12/15 8:15 p.m.5 views

CVE-2025-55703

An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References2
NVD
NVD
added 2025/12/15 8:15 p.m.5 views

CVE-2025-55703

An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...

3.3CVSS0.00117EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.4 views

Sunbird Power IQ 安全漏洞

Sunbird Power IQ is a data center infrastructure management software from Sunbird, USA. A security vulnerability exists in Sunbird Power IQ version 9.2.0 that stems from an outdated API endpoint that does not properly validate input and could lead to manipulation of SQL queries...

3.3CVSS7.1AI score0.00117EPSS
Exploits0References3
Rows per page
Query Builder