CyberSecurityBoard
Sponsor Register Login

CVE-2025-3587

A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Publication date: Mon, 14 Apr 2025 20:00:00 +0000


Cyber News related to CVE-2025-3587

CVE-2025-3587 - A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. ...
2 months ago
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
3 months ago Cybersecuritynews.com CVE-2024-5594
CVE-2021-3587 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidate is a reservation duplicate of CVE-2021-38208. Notes: All CVE users should reference CVE-2021-38208 instead of this candidate. All references and ...
1 year ago
CVE-2013-3587 - The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by ...
1 year ago
CVE-2009-3587 - Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 ...
3 years ago
CVE-2011-4030 - The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different ...
13 years ago
CVE-2014-3587 - Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a ...
7 years ago
CVE-2006-3588 - Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587. ...
6 years ago
CVE-2012-0954 - APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a ...
5 years ago
CVE-2009-3588 - Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 ...
4 years ago
CVE-2005-3587 - Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. ...
15 years ago
CVE-2011-3587 - Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python ...
13 years ago
CVE-2010-3587 - Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management. ...
7 years ago
CVE-2018-3587 - In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. ...
6 years ago
CVE-2008-3587 - Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter. ...
6 years ago
CVE-2006-3587 - Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors. ...
6 years ago
CVE-2007-3587 - MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php. ...
6 years ago
CVE-2019-3587 - DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder. ...
5 years ago
CVE-2012-3587 - APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a ...
5 years ago
CVE-2016-3587 - Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. ...
3 years ago
CVE-2022-3587 - A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component My Account. The manipulation of the argument First ...
1 year ago
CVE-2023-3587 - Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions. ...
1 year ago
CVE-2020-3587 - A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based ...
1 year ago
CVE-2017-3587 - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged ...
5 years ago
CVE-2024-3587 - The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output ...
10 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)