From 0ef95c9cf7b2777ee0715cb7816992d1821d2472 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 3 Mar 2025 01:00:57 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2025/25xxx/CVE-2025-25952.json | 56 ++++++++++++++++++++++++++++++----
 2025/25xxx/CVE-2025-25953.json | 56 ++++++++++++++++++++++++++++++----
 2025/27xxx/CVE-2025-27583.json | 56 ++++++++++++++++++++++++++++++----
 2025/27xxx/CVE-2025-27584.json | 56 ++++++++++++++++++++++++++++++----
 2025/27xxx/CVE-2025-27585.json | 56 ++++++++++++++++++++++++++++++----
 5 files changed, 250 insertions(+), 30 deletions(-)
diff --git a/2025/25xxx/CVE-2025-25952.json b/2025/25xxx/CVE-2025-25952.json
index 8d39fc7e9e6..4b4b8e30da8 100644
--- a/2025/25xxx/CVE-2025-25952.json
+++ b/2025/25xxx/CVE-2025-25952.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-25952",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-25952",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89639",
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89639"
 }
 ]
 }
diff --git a/2025/25xxx/CVE-2025-25953.json b/2025/25xxx/CVE-2025-25953.json
index 10104800cd1..2c293ce835f 100644
--- a/2025/25xxx/CVE-2025-25953.json
+++ b/2025/25xxx/CVE-2025-25953.json
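Review bot: The structured fields added in this hunk carry no machine-readable data: `vendor_name`, `product_name` and `version_value` are all `"n/a"` and the `problemtype` value is `"n/a"`, although the description names the vendor, the product and version 1.0.118. Tooling that matches records through the `affects` block or by CWE will not associate this record with the product, so consumers are left parsing the free text. If the description is accurate, the fields could read `"vendor_name": "Serosoft Solutions Pvt Ltd"`, `"product_name": "Academia Student Information System (SIS) EagleR"` and `"version_value": "1.0.118"`, with the problem type given as CWE-639 for this IDOR. The same placeholders appear in the hunks for CVE-2025-25953, CVE-2025-27583, CVE-2025-27584 and CVE-2025-27585.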
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-25953",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-25953",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640",
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640"
 }
 ]
 }
diff --git a/2025/27xxx/CVE-2025-27583.json b/2025/27xxx/CVE-2025-27583.json
index 5d208a4937a..979e807af3b 100644
--- a/2025/27xxx/CVE-2025-27583.json
+++ b/2025/27xxx/CVE-2025-27583.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-27583",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-27583",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637",
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-53637"
 }
 ]
 }
diff --git a/2025/27xxx/CVE-2025-27584.json b/2025/27xxx/CVE-2025-27584.json
index 982b646fa03..f9d6bd8a263 100644
--- a/2025/27xxx/CVE-2025-27584.json
+++ b/2025/27xxx/CVE-2025-27584.json
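Review bot: The new description value is missing its subject ("allows create and modify user accounts") and does not say who can do this or whether authentication is required, which is what a reader needs in order to judge exposure and priority. It also names `/rest/staffResource/findAllUsersAcrossOrg`, which by its name looks like a listing endpoint, so the link between that component and account creation is unclear from the text and is worth confirming against the referenced advisory. A minimal wording fix would be `allows attackers to create and modify user accounts, including an Administrator account.`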
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-27584",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-27584",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636",
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636"
 }
 ]
 }
diff --git a/2025/27xxx/CVE-2025-27585.json b/2025/27xxx/CVE-2025-27585.json
index 27b6d93cbf8..3952f78497c 100644
--- a/2025/27xxx/CVE-2025-27585.json
+++ b/2025/27xxx/CVE-2025-27585.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-27585",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-27585",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636",
+ "refsource": "MISC",
+ "name": "https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89636"
 }
 ]
 }
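Review bot: The `url` and `name` in `reference_data` here are identical to the ones in the CVE-2025-27584 hunk (`.../tree/main/CVE-2024-89636`), even though this record covers the Print Name parameter and that one the First Name parameter. Either both findings are documented in one advisory directory, or this reference was copied and should point elsewhere; that should be confirmed, since a wrong link leaves this record without supporting evidence. More generally, every reference in this patch points at a directory named with a CVE-2024-… identifier that does not match the record's own ID, so a reader following the link cannot tell from the path that it belongs to this CVE.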