Pagina 2 – Azienda Sicura

Lista CVE 2025/30xxx

CVE-2025-30149 (Fast-JWT Improperly Validates iss Claims)

CVE-2025-30152 (OpenEMR Reflected XSS in AJAX Script)

CVE-2025-30153 (Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout)

CVE-2025-30154 (Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter)

CVE-2025-30155 (Multiple Reviewdog actions were compromised during a specific time period)

CVE-2025-30157 (Tuleap does not enforce read permissions on parent trackers in the REST API)

CVE-2025-30160 (Envoy crashes when HTTP ext_proc processes local replies)

CVE-2025-30161 (Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form)

CVE-2025-30162 (OpenEMR Stored XSS in OpenEMR Bronchitis Form)

CVE-2025-30163 (East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers)

CVE-2025-30164 (Node based network policies may incorrectly allow workload traffic)

CVE-2025-30168 (Icinga Web 2 has open redirect on login page)

CVE-2025-30177 (Parse Server has an OAuth login vulnerability)

CVE-2025-30179 (Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering)

CVE-2025-30196 (MFA Enforcement Bypass in Search APIs)

CVE-2025-30204 (Tuleap allows XSS via the content of RSS feeds in the RSS widgets)

CVE-2025-30205 (jwt-go allows excessive memory allocation during header parsing)

CVE-2025-30208 (kanidm-provision leaks provisioned admin credentials into the system log)

CVE-2025-30209 (Vite bypasses server.fs.deny when using `?raw??`)