Security Vulnerabilities - CVEs Published In April 2025
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-04-30
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-04-30
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-30
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-04-30
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-04-30
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-04-30
Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-04-30
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-04-30
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-04-30