Security Vulnerabilities - CVEs Published In April 2025
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-30
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-04-30
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-04-30
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-04-30
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-30
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-04-30
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.5
EPSS Score
0.001
Published
2025-04-30
Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-04-30