admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-19 20:00:33 +00:00
parent 895c4e3151
commit 097940f6fb
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 399 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/6xxx/CVE-2018-6867.json
View File

@ -56,6 +56,11 @@
"name": "44171",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44171"
},
{
"refsource": "MISC",
"name": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2018-6867/Alibaba%20Clone%20Script%201.0.2%20Cross%20Site%20Scripting.txt",
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2018-6867/Alibaba%20Clone%20Script%201.0.2%20Cross%20Site%20Scripting.txt"
}
]
}

5
2019/1000xxx/CVE-2019-1000018.json
View File

@ -99,6 +99,11 @@
"refsource": "FULLDISC",
"name": "20210526 KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account",
"url": "http://seclists.org/fulldisclosure/2021/May/78"
},
{
"refsource": "MISC",
"name": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt",
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt"
}
]
}

5
2019/13xxx/CVE-2019-13029.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153691/REDCap-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/153691/REDCap-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2019-13029/REDCap%20Cross%20Site%20Scripting.txt",
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2019-13029/REDCap%20Cross%20Site%20Scripting.txt"
}
]
}

5
2021/45xxx/CVE-2021-45422.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/",
"url": "https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/"
},
{
"refsource": "MISC",
"name": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-45422/RLM%2014.2%20Cross%20Site%20Scripting.txt",
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-45422/RLM%2014.2%20Cross%20Site%20Scripting.txt"
}
]
}

76
2025/27xxx/CVE-2025-27415.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. An attacker can perform this attack to a vulnerable site in order to make a site unavailable indefinitely. It is also possible in the case where the cache will be reset to make a small script to send a request each X seconds (=caching duration) so that the cache is permanently poisoned making the site completely unavailable. This vulnerability is fixed in 3.16.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data",
"cweId": "CWE-349"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nuxt",
"product": {
"product_data": [
{
"product_name": "nuxt",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nuxt/nuxt/security/advisories/GHSA-jvhm-gjrh-3h93",
"refsource": "MISC",
"name": "https://github.com/nuxt/nuxt/security/advisories/GHSA-jvhm-gjrh-3h93"
}
]
},
"source": {
"advisory": "GHSA-jvhm-gjrh-3h93",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

61
2025/27xxx/CVE-2025-27704.json
View File

@ -1,18 +1,71 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "securityresponse@absolute.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a cross-site scripting vulnerability in the Secure\nAccess administrative console of Absolute Secure Access prior to version 13.53.\nAttackers with system administrator permissions can interfere with another\nsystem administrator\u2019s use of the management console when the second\nadministrator logs in. Attack complexity is high, attack requirements are\npresent, privileges required are none, user interaction is required. The impact\nto confidentiality is low, the impact to availability is none, and the impact\nto system integrity is none."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Absolute Security",
"product": {
"product_data": [
{
"product_name": "Secure Access",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "12.52"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1353/",
"refsource": "MISC",
"name": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1353/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}

76
2025/27xxx/CVE-2025-27705.json
View File

@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "securityresponse@absolute.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a cross-site scripting vulnerability in the Secure\nAccess administrative console of Absolute Secure Access prior to version 13.53.\nAttackers with system administrator permissions can interfere with another\nsystem administrator\u2019s use of the management console when the second\nadministrator logs in. Attack complexity is high, attack requirements are\npresent, privileges required are none, user interaction is required. The impact\nto confidentiality is low, the impact to availability is none, and the impact\nto system integrity is none."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Absolute Security",
"product": {
"product_data": [
{
"product_name": "Secure Access",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "13.52"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1353/",
"refsource": "MISC",
"name": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1353/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to server version 13.53"
}
],
"value": "Upgrade to server version 13.53"
}
]
}

106
2025/2xxx/CVE-2025-2536.json
View File

@ -1,18 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@liferay.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's layout-taglib/__liferay__/index.js allows remote attackers to inject arbitrary web script or HTML via toastData parameter"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Liferay",
"product": {
"product_data": [
{
"product_name": "Portal",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.4.3.82",
"version_value": "7.4.3.129"
}
]
}
},
{
"product_name": "DXP",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.4.13-u82",
"version_value": "7.4.13-u92"
},
{
"version_affected": "<=",
"version_name": "2023.Q3.1",
"version_value": "2023.Q3.10"
},
{
"version_affected": "<=",
"version_name": "2023.Q4.0",
"version_value": "2023.Q4.10"
},
{
"version_affected": "<=",
"version_name": "2024.Q1.1",
"version_value": "2024.Q1.12"
},
{
"version_affected": "<=",
"version_name": "2024.Q2.0",
"version_value": "2024.Q2.13"
},
{
"version_affected": "<=",
"version_name": "2024.Q3.0",
"version_value": "2024.Q3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-2536",
"refsource": "MISC",
"name": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-2536"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Dtro"
}
]
}

18
2025/2xxx/CVE-2025-2537.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

66
2025/30xxx/CVE-2025-30258.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-30258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html",
"refsource": "MISC",
"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html"
},
{
"url": "https://dev.gnupg.org/T7527",
"refsource": "MISC",
"name": "https://dev.gnupg.org/T7527"
},
{
"url": "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158",
"refsource": "MISC",
"name": "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158"
}
]
}