diff --git a/2024/11xxx/CVE-2024-11733.json b/2024/11xxx/CVE-2024-11733.json index bceece99881..993293c5503 100644 --- a/2024/11xxx/CVE-2024-11733.json +++ b/2024/11xxx/CVE-2024-11733.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11733", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "hcabrera", + "product": { + "product_data": [ + { + "product_name": "WordPress Popular Posts", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c38ac8d6-c6de-4be7-bf7b-198e085a0ad2?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c38ac8d6-c6de-4be7-bf7b-198e085a0ad2?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wordpress-popular-posts/tags/7.1.0/src/Rest/ViewLoggerEndpoint.php#L70", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wordpress-popular-posts/tags/7.1.0/src/Rest/ViewLoggerEndpoint.php#L70" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Michael Mazzolini" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/12xxx/CVE-2024-12237.json b/2024/12xxx/CVE-2024-12237.json index 384a505bdf2..d0cfd019fa8 100644 --- a/2024/12xxx/CVE-2024-12237.json +++ b/2024/12xxx/CVE-2024-12237.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12237", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to retrieve limited information from internal services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nik00726", + "product": { + "product_data": [ + { + "product_name": "Photo Gallery Slideshow & Masonry Tiled Gallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.0.15" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08e44434-8908-4c63-9e5b-9a8b387255d9?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08e44434-8908-4c63-9e5b-9a8b387255d9?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.15/wp-responsive-photo-gallery.php#L3023", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.15/wp-responsive-photo-gallery.php#L3023" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.15/wp-responsive-photo-gallery.php#L3044", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.15/wp-responsive-photo-gallery.php#L3044" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Khayal Farzaliyev" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/55xxx/CVE-2024-55896.json b/2024/55xxx/CVE-2024-55896.json index d7b2aae730e..a93d92d9d14 100644 --- a/2024/55xxx/CVE-2024-55896.json +++ b/2024/55xxx/CVE-2024-55896.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-55896", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. \u00a0This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-451 User Interface (UI) Misrepresentation of Critical Information", + "cweId": "CWE-451" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.4, 7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7180036", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7180036" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/55xxx/CVE-2024-55897.json b/2024/55xxx/CVE-2024-55897.json index 011b1e55d4e..1505c5d09bc 100644 --- a/2024/55xxx/CVE-2024-55897.json +++ b/2024/55xxx/CVE-2024-55897.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-55897", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM PowerHA SystemMirror for i 7.4 and 7.5 \n\ndoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "i", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "7.4, 7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7180036", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7180036" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0199.json b/2025/0xxx/CVE-2025-0199.json index 465c8126958..ff1326b5d95 100644 --- a/2025/0xxx/CVE-2025-0199.json +++ b/2025/0xxx/CVE-2025-0199.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0199", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0. Affected is an unknown function of the file /user/minus_cart.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in code-projects Point of Sales and Inventory Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /user/minus_cart.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Point of Sales and Inventory Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.290136", + "refsource": "MISC", + "name": "https://vuldb.com/?id.290136" + }, + { + "url": "https://vuldb.com/?ctiid.290136", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.290136" + }, + { + "url": "https://vuldb.com/?submit.473384", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.473384" + }, + { + "url": "https://gist.github.com/Masamuneee/eff0a0865d54305faa78624e63172a92", + "refsource": "MISC", + "name": "https://gist.github.com/Masamuneee/eff0a0865d54305faa78624e63172a92" + }, + { + "url": "https://code-projects.org/", + "refsource": "MISC", + "name": "https://code-projects.org/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "masamune (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/0xxx/CVE-2025-0217.json b/2025/0xxx/CVE-2025-0217.json new file mode 100644 index 00000000000..a98b8a0f512 --- /dev/null +++ b/2025/0xxx/CVE-2025-0217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-0217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file