Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Sunbird Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-70027 1 Sunbird 1 Sunbirded-portal 2026-04-02 N/A 7.5 HIGH
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
CVE-2025-70033 1 Sunbird 1 Sunbirded-portal 2026-04-01 N/A 5.4 MEDIUM
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70032 1 Sunbird 1 Sunbirded-portal 2026-04-01 N/A 6.1 MEDIUM
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70030 1 Sunbird 1 Sunbirded-portal 2026-04-01 N/A 7.5 HIGH
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70031 1 Sunbird 1 Sunbirded-portal 2026-04-01 N/A 8.8 HIGH
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70028 1 Sunbird 1 Sunbirded-portal 2026-04-01 N/A 7.5 HIGH
An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70029 1 Sunbird 1 Sunbirded-portal 2026-04-01 N/A 7.5 HIGH
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options