diff --git a/2024/53xxx/CVE-2024-53961.json b/2024/53xxx/CVE-2024-53961.json index 7f1cc9c0388..49ed210ea96 100644 --- a/2024/53xxx/CVE-2024-53961.json +++ b/2024/53xxx/CVE-2024-53961.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data." + "value": "ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. Exploitation of this issue requires the admin panel be exposed to the internet." } ] }, @@ -79,20 +79,20 @@ { "attackComplexity": "HIGH", "attackVector": "NETWORK", - "availabilityImpact": "NONE", + "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", - "baseScore": 7.4, + "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", - "environmentalScore": 7.4, + "environmentalScore": 8.1, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "HIGH", "modifiedAttackVector": "NETWORK", - "modifiedAvailabilityImpact": "NONE", + "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", @@ -102,10 +102,10 @@ "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", - "temporalScore": 7.4, + "temporalScore": 8.1, "temporalSeverity": "HIGH", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] diff --git a/2025/24xxx/CVE-2025-24406.json b/2025/24xxx/CVE-2025-24406.json index 8ccf54fa341..77003ed9b07 100644 --- a/2025/24xxx/CVE-2025-24406.json +++ b/2025/24xxx/CVE-2025-24406.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction." + "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction." } ] }, diff --git a/2025/24xxx/CVE-2025-24434.json b/2025/24xxx/CVE-2025-24434.json index 54c61aeebde..12db0df0fab 100644 --- a/2025/24xxx/CVE-2025-24434.json +++ b/2025/24xxx/CVE-2025-24434.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high." + "value": "Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high." } ] }, @@ -21,8 +21,8 @@ "description": [ { "lang": "eng", - "value": "Improper Authorization (CWE-285)", - "cweId": "CWE-285" + "value": "Incorrect Authorization (CWE-863)", + "cweId": "CWE-863" } ] } diff --git a/2025/26xxx/CVE-2025-26393.json b/2025/26xxx/CVE-2025-26393.json index c92c2b2409d..71d894065ce 100644 --- a/2025/26xxx/CVE-2025-26393.json +++ b/2025/26xxx/CVE-2025-26393.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@solarwinds.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-653: Improper Isolation or Compartmentalization", + "cweId": "CWE-653" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SolarWinds", + "product": { + "product_data": [ + { + "product_name": "Service Desk", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "01-28-2025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393", + "refsource": "MISC", + "name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Seif Abdelwahid" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/29xxx/CVE-2025-29426.json b/2025/29xxx/CVE-2025-29426.json index 505d94a8173..158aeb8e006 100644 --- a/2025/29xxx/CVE-2025-29426.json +++ b/2025/29xxx/CVE-2025-29426.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29426", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29426", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/872323857/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System-class.php.md", + "refsource": "MISC", + "name": "https://github.com/872323857/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System-class.php.md" } ] } diff --git a/2025/2xxx/CVE-2025-2392.json b/2025/2xxx/CVE-2025-2392.json index ec2a378a662..037fc51ec68 100644 --- a/2025/2xxx/CVE-2025-2392.json +++ b/2025/2xxx/CVE-2025-2392.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/activate.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in code-projects Online Class and Exam Scheduling System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /pages/activate.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Online Class and Exam Scheduling System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.299891", + "refsource": "MISC", + "name": "https://vuldb.com/?id.299891" + }, + { + "url": "https://vuldb.com/?ctiid.299891", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.299891" + }, + { + "url": "https://vuldb.com/?submit.516912", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.516912" + }, + { + "url": "https://github.com/intercpt/XSS1/blob/main/SQL11.md", + "refsource": "MISC", + "name": "https://github.com/intercpt/XSS1/blob/main/SQL11.md" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "intrcpt (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2393.json b/2025/2xxx/CVE-2025-2393.json index 108847281ad..ef2b67c7394 100644 --- a/2025/2xxx/CVE-2025-2393.json +++ b/2025/2xxx/CVE-2025-2393.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/salut_del.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in code-projects Online Class and Exam Scheduling System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /pages/salut_del.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Online Class and Exam Scheduling System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.299892", + "refsource": "MISC", + "name": "https://vuldb.com/?id.299892" + }, + { + "url": "https://vuldb.com/?ctiid.299892", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.299892" + }, + { + "url": "https://vuldb.com/?submit.516917", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.516917" + }, + { + "url": "https://github.com/intercpt/XSS1/blob/main/SQL12.md", + "refsource": "MISC", + "name": "https://github.com/intercpt/XSS1/blob/main/SQL12.md" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "intrcpt (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2475.json b/2025/2xxx/CVE-2025-2475.json new file mode 100644 index 00000000000..db657586365 --- /dev/null +++ b/2025/2xxx/CVE-2025-2475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2476.json b/2025/2xxx/CVE-2025-2476.json new file mode 100644 index 00000000000..d5f25d36cab --- /dev/null +++ b/2025/2xxx/CVE-2025-2476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file