admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-15 05:00:38 +00:00
parent 15a6025e70
commit 15b62d8181
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 261 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2025/3xxx/CVE-2025-3053.json
View File

@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3053",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary code on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "admintwentytwenty",
"product": {
"product_data": [
{
"product_name": "UiPress lite | Effortless custom dashboards, admin themes and pages",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "3.5.07"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6717adb0-27bc-4cd4-8c34-bea59bc0e016?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6717adb0-27bc-4cd4-8c34-bea59bc0e016?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3292552/uipress-lite/trunk/admin/core/ajax-functions.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3292552/uipress-lite/trunk/admin/core/ajax-functions.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "cynau1t"
},
{
"lang": "en",
"value": "TIANGONG Team"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

82
2025/48xxx/CVE-2025-48024.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2025-48024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bluewave-labs/Checkmate/pull/2227",
"refsource": "MISC",
"name": "https://github.com/bluewave-labs/Checkmate/pull/2227"
},
{
"url": "https://github.com/bluewave-labs/Checkmate/commit/7a855ef47adf2265121c236097059c7c6555fd7c",
"refsource": "MISC",
"name": "https://github.com/bluewave-labs/Checkmate/commit/7a855ef47adf2265121c236097059c7c6555fd7c"
},
{
"url": "https://github.com/bluewave-labs/Checkmate/commit/91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6",
"refsource": "MISC",
"name": "https://github.com/bluewave-labs/Checkmate/commit/91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6"
},
{
"url": "https://github.com/bluewave-labs/Checkmate/commit/36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287",
"refsource": "MISC",
"name": "https://github.com/bluewave-labs/Checkmate/commit/36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287"
},
{
"url": "https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-jjmg-cjr4-439m",
"refsource": "MISC",
"name": "https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-jjmg-cjr4-439m"
}
]
}
}

18
2025/48xxx/CVE-2025-48025.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/48xxx/CVE-2025-48026.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

67
2025/48xxx/CVE-2025-48027.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2025-48027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/kwburns/CVE/blob/main/pGina.Fork/3.9.9.12/README.md",
"refsource": "MISC",
"name": "https://github.com/kwburns/CVE/blob/main/pGina.Fork/3.9.9.12/README.md"
},
{
"url": "https://github.com/MutonUfoAI/pgina/blob/1922de0fe27492c09d2f188c2c7e54a4b364bbad/Plugins/HttpAuth/HttpAuth/Settings.cs#L44",
"refsource": "MISC",
"name": "https://github.com/MutonUfoAI/pgina/blob/1922de0fe27492c09d2f188c2c7e54a4b364bbad/Plugins/HttpAuth/HttpAuth/Settings.cs#L44"
}
]
}
}