CVE-2025-70027
- EPSS 0.04%
- Veröffentlicht 11.03.2026 00:00:00
- Zuletzt bearbeitet 02.04.2026 13:12:23
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
CVE-2025-70032
- EPSS 0.04%
- Veröffentlicht 09.03.2026 19:16:00
- Zuletzt bearbeitet 01.04.2026 15:40:26
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70033
- EPSS 0.02%
- Veröffentlicht 09.03.2026 00:00:00
- Zuletzt bearbeitet 01.04.2026 15:40:48
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70031
- EPSS 0.03%
- Veröffentlicht 09.03.2026 00:00:00
- Zuletzt bearbeitet 01.04.2026 15:39:56
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70030
- EPSS 0.06%
- Veröffentlicht 09.03.2026 00:00:00
- Zuletzt bearbeitet 01.04.2026 15:40:10
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70028
- EPSS 0.07%
- Veröffentlicht 09.03.2026 00:00:00
- Zuletzt bearbeitet 01.04.2026 15:39:38
An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70029
- EPSS 0.01%
- Veröffentlicht 11.02.2026 18:16:06
- Zuletzt bearbeitet 01.04.2026 15:29:33
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options