CVE-2025-25952

CVE-2025-25952

Título es
CVE-2025-25952

Lun, 03/03/2025 – 01:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-25952

Descripción en
An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.

03/03/2025

03/03/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias


  • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89639

    • Enviar en el boletín
    Off

    CVE-2025-25951

    CVE-2025-25951

    Título es
    CVE-2025-25951

    Lun, 03/03/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-25951

    Descripción en
    An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.

    03/03/2025

    03/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89638

    • Enviar en el boletín
    Off

    CVE-2025-25950

    CVE-2025-25950

    Título es
    CVE-2025-25950

    Lun, 03/03/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-25950

    Descripción en
    Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

    03/03/2025

    03/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89637

    • Enviar en el boletín
    Off

    CVE-2025-25949

    CVE-2025-25949

    Título es
    CVE-2025-25949

    Lun, 03/03/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-25949

    Descripción en
    A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.

    03/03/2025

    03/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636

    • Enviar en el boletín
    Off

    CVE-2025-27585

    CVE-2025-27585

    Título es
    CVE-2025-27585

    Lun, 03/03/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27585

    Descripción en
    A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.

    03/03/2025

    03/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636

    • Enviar en el boletín
    Off

    CVE-2025-27584

    CVE-2025-27584

    Título es
    CVE-2025-27584

    Lun, 03/03/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27584

    Descripción en
    A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update.

    03/03/2025

    03/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636

    • Enviar en el boletín
    Off

    CVE-2025-27583

    CVE-2025-27583

    Título es
    CVE-2025-27583

    Lun, 03/03/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-27583

    Descripción en
    Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

    03/03/2025

    03/03/2025

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637

    • Enviar en el boletín
    Off

    CVE-2025-1845

    CVE-2025-1845

    Título es
    CVE-2025-1845

    Lun, 03/03/2025 – 02:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1845

    Descripción en
    A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    03/03/2025

    03/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/666lail/report/blob/main/tmp/2.md

  • https://vuldb.com/?ctiid_298111=

  • https://vuldb.com/?id_298111=

  • https://vuldb.com/?submit_505009=

    • Enviar en el boletín
    Off

    CVE-2025-1844

    CVE-2025-1844

    Título es
    CVE-2025-1844

    Lun, 03/03/2025 – 02:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-1844

    Descripción en
    A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    03/03/2025

    03/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://github.com/666lail/report/blob/main/tmp/1.md

  • https://vuldb.com/?ctiid_298110=

  • https://vuldb.com/?id_298110=

  • https://vuldb.com/?submit_505008=

    • Enviar en el boletín
    Off

    CVE-2025-1830

    CVE-2025-1830

    Título es
    CVE-2025-1830

    Dom, 02/03/2025 – 20:15

    Tipo
    CWE-79

    Gravedad v2.0
    3.30

    Gravedad 2.0 Txt
    LOW

    Título en

    CVE-2025-1830

    Descripción en
    A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    02/03/2025

    02/03/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:N/I:P/A:N

    Gravedad 4.0
    4.80

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias


  • https://github.com/caigo8/CVE-md/blob/main/zz/zz_xss1.md

  • https://vuldb.com/?ctiid_298097=

  • https://vuldb.com/?id_298097=

  • https://vuldb.com/?submit_504790=

    • Enviar en el boletín
    Off