CVE List 2025/30xxx
CVEs in group: 30xxx
CVE-2025-30152 (N/A)
CVE-2025-30153 (Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout)
CVE-2025-30154 (Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter)
CVE-2025-30155 (Multiple Reviewdog actions were compromised during a specific time period)
CVE-2025-30157 (Tuleap does not enforce read permissions on parent trackers in the REST API)
CVE-2025-30160 (Envoy crashes when HTTP ext_proc processes local replies)
CVE-2025-30161 (Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form)
CVE-2025-30162 (OpenEMR Stored XSS in OpenEMR Bronchitis Form)
CVE-2025-30163 (East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers)
CVE-2025-30164 (Node based network policies may incorrectly allow workload traffic)
CVE-2025-30168 (Icinga Web 2 has open redirect on login page)
CVE-2025-30177 (Parse Server has an OAuth login vulnerability)
CVE-2025-30179 (Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering)
CVE-2025-30196 (MFA Enforcement Bypass in Search APIs)
CVE-2025-30197 (N/A)
CVE-2025-30203 (N/A)
CVE-2025-30204 (Tuleap allows XSS via the content of RSS feeds in the RSS widgets)
CVE-2025-30205 (jwt-go allows excessive memory allocation during header parsing)
CVE-2025-30208 (kanidm-provision leaks provisioned admin credentials into the system log)
CVE-2025-30209 (Vite bypasses server.fs.deny when using `?raw??`)
CVE-2025-30210 (Tuleap has improper permission handling in the REST endpoints and release notes display of the FRS plugin)
CVE-2025-30211 (Bruno XSS On Environment Name)
CVE-2025-30212 (KEX init error results with excessive memory usage)
CVE-2025-30213 (Frappe has possibility of SQL injection due to improper validations)
CVE-2025-30214 (Frappe has Possibility of Remote Code Execution due to improper validation)
CVE-2025-30216 (Frappe vulnerable to information disclosure leading to account takeover)
CVE-2025-30217 (CryptoLib Has Heap Overflow in Crypto_TM_ProcessSecurity due to Unchecked Secondary Header Length)
CVE-2025-30219 (Frappe has possibility of SQL injection due to improper validations)
CVE-2025-30221 (RabbitMQ has XSS Vulnerability in an Error Message in Management UI)
CVE-2025-30222 (Pitchfork HTTP Request/Response Splitting vulnerability)
CVE-2025-30223 (Shescape has potential environment variable exposure on Windows with CMD)
CVE-2025-30224 (Beego allows Reflected/Stored XSS in Beego’s RenderForm() Function Due to Unescaped User Input)
CVE-2025-30225 (MyDumper arbitrary file read issue)
CVE-2025-30232 (Directus’s S3 assets become unavailable after a burst of malformed transformations)
CVE-2025-30234 (N/A)
CVE-2025-30235 (N/A)
CVE-2025-30236 (N/A)
CVE-2025-30258 (N/A)
CVE-2025-30259 (N/A)
CVE-2025-30334 (N/A)
CVE-2025-30342 (OpenBSD wg(4) kernel crash)
CVE-2025-30343 (N/A)
CVE-2025-30344 (N/A)
CVE-2025-30345 (N/A)
CVE-2025-30346 (N/A)
CVE-2025-30347 (N/A)
CVE-2025-30348 (N/A)
CVE-2025-30349 (N/A)
CVE-2025-30350 (N/A)
CVE-2025-30351 (Directus’s S3 assets become unavailable after a burst of HEAD requests)
CVE-2025-30352 (Suspended Directus user can continue to use session token to access API)
CVE-2025-30353 (Directus `search` query parameter allows enumeration of non permitted fields)
CVE-2025-30354 (Directus’s webhook trigger flows can leak sensitive data)
CVE-2025-30355 (Bruno ignores Safe-Mode in Asserts expressions)
CVE-2025-30358 (Synapse vulnerable to federation denial of service via malformed events)
CVE-2025-30361 (Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks)
CVE-2025-30362 (WeGIA Vulnerable to Broken Authentication – Old Password Validation)
CVE-2025-30363 (WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter id)
CVE-2025-30364 (WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter dados_addInfo)
CVE-2025-30365 (WeGIA vulnerable to SQL Injection (Blind Time-Based) in remuneracao.php parameter id_funcionario)