"-Synchronized-Data."

CVE Team 2025-04-14 16:00:31 +00:00
parent 88cfcc729f
commit 17a6521367
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 493 additions and 19 deletions


@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "csirt@divd.nl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 Dec 2021 onwards. It is very likely that this vulnerability has been present in the solution before that.\n\nAs of the date of this CVE record, there has been no patch"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SicommNet",
"product": {
"product_data": [
{
"product_name": "BASEC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "14 Dec 2021",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://basec.sicomm.net/login/",
"refsource": "MISC",
"name": "https://basec.sicomm.net/login/"
},
{
"url": "https://csirt.divd.nl/DIVD-2025-00001",
"refsource": "MISC",
"name": "https://csirt.divd.nl/DIVD-2025-00001"
},
{
"url": "https://cisrt.divd.nl/CVE-2025-22371",
"refsource": "MISC",
"name": "https://cisrt.divd.nl/CVE-2025-22371"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "DIVD-2025-00001",
"discovery": "INTERNAL"
},
"exploit": [
{
"lang": "en",
"value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jesse Meijer (DIVD)"
},
{
"lang": "en",
"value": "Frank Breedijk (DIVD)"
}
]
}
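Review bot: The third entry in `reference_data` points at host `cisrt.divd.nl`, while the second reference and the ASSIGNER address use `csirt.divd.nl`, so this looks like a transposed hostname; a mistyped host in a published advisory sends readers to a name the CNA may not control. If that reading is right, both fields should read `"url": "https://csirt.divd.nl/CVE-2025-22371"` and `"name": "https://csirt.divd.nl/CVE-2025-22371"`. The same host appears in the CVE-2025-22372 and CVE-2025-22373 records later in this commit. Separately, in all three records `"version_affected": "<="` with `"version_name": "14 Dec 2021"` reads as "up to that date", whereas the description says from that date onwards, so tooling that matches on the structured range may disagree with the text.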


@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "csirt@divd.nl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficiently Protected Credentials vulnerability in SicommNet BASEC on SaaS allows Password Recovery.\nPasswords are either stored in plain text using reversible encryption, allowing an attacker with sufficient privileges to extract plain text passwords easily.\n\nThis issue affects BASEC: from 14 Dec 2021."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SicommNet",
"product": {
"product_data": [
{
"product_name": "BASEC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "14 Dec 2021",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://basec.sicomm.net/login/",
"refsource": "MISC",
"name": "https://basec.sicomm.net/login/"
},
{
"url": "https://csirt.divd.nl/DIVD-2025-00001",
"refsource": "MISC",
"name": "https://csirt.divd.nl/DIVD-2025-00001"
},
{
"url": "https://cisrt.divd.nl/CVE-2025-22372",
"refsource": "MISC",
"name": "https://cisrt.divd.nl/CVE-2025-22372"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "DIVD-2025-00001",
"discovery": "INTERNAL"
},
"exploit": [
{
"lang": "en",
"value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jesse Meijer (DIVD)"
},
{
"lang": "en",
"value": "Frank Breedijk (DIVD)"
}
]
}
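Review bot: The new description's sentence `Passwords are either stored in plain text using reversible encryption` has an "either" with no alternative, so it is unclear whether the finding is plaintext storage, reversible encryption, or both. Those are distinct weaknesses with different remediation (CWE-256 and CWE-257 both sit under the CWE-522 recorded here), so the wording matters to anyone triaging the record. If both were observed, `Passwords are stored either in plain text or using reversible encryption` would say so; the CNA would need to confirm which is meant.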


@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "csirt@divd.nl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SicommNet BASEC on SaaS allows Reflected XSS, XSS Through HTTP Query Strings, Rendering of Arbitrary HTML and alternation of CSS Styles\nThis issue affects BASEC: from 14 Dec 2021."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SicommNet",
"product": {
"product_data": [
{
"product_name": "BASEC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "14 Dec 2021",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://basec.sicomm.net/login/",
"refsource": "MISC",
"name": "https://basec.sicomm.net/login/"
},
{
"url": "https://csirt.divd.nl/DIVD-2025-00001",
"refsource": "MISC",
"name": "https://csirt.divd.nl/DIVD-2025-00001"
},
{
"url": "https://cisrt.divd.nl/CVE-2025-22373",
"refsource": "MISC",
"name": "https://cisrt.divd.nl/CVE-2025-22373"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "DIVD-2025-00001",
"discovery": "INTERNAL"
},
"exploit": [
{
"lang": "en",
"value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "Given that vulnerability has been exposed for over 3 years, users should consider the service and all the data in it as compromised."
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jesse Meijer (DIVD)"
},
{
"lang": "en",
"value": "Frank Breedijk (DIVD)"
}
]
}
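Review bot: In the new description, `alternation of CSS Styles` is probably meant to be "alteration", and the sentence before `\nThis issue affects` has no closing full stop, so the two statements run together when the newline is collapsed. Suggested text for that part: `Rendering of Arbitrary HTML and alteration of CSS Styles.\nThis issue affects BASEC: from 14 Dec 2021.` The `exploit` entry also repeats the sentence used in the SQL injection record; whether "all the data in it as compromised" follows from a reflected XSS finding alone is not shown here, so it may deserve its own wording.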


@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2025-32931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/lishihihi/voyager-issue-report/",
"refsource": "MISC",
"name": "https://github.com/lishihihi/voyager-issue-report/"
},
{
"url": "https://github.com/thedevdojo/voyager/blob/1.8/docs/core-concepts/compass.md",
"refsource": "MISC",
"name": "https://github.com/thedevdojo/voyager/blob/1.8/docs/core-concepts/compass.md"
},
{
"url": "https://github.com/thedevdojo/voyager/blob/7e7e0f4f0e115d2d9e0481a86153a1ceff194c00/resources/views/compass/includes/commands.blade.php#L11-L16",
"refsource": "MISC",
"name": "https://github.com/thedevdojo/voyager/blob/7e7e0f4f0e115d2d9e0481a86153a1ceff194c00/resources/views/compass/includes/commands.blade.php#L11-L16"
}
]
}
}
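Review bot: The structured fields of this new record are all `n/a` although the description names the product and range (DevDojo Voyager 1.4.0 through 1.8.0) and the weakness, so scanners and inventory matchers that key on `affects` and `problemtype` will not associate this CVE with Voyager. Filling `vendor_name`, `product_name` and `version_data` from the description, and recording a CWE such as CWE-78 if that matches the root cause, would make the record machine-usable. The `** UNSUPPORTED WHEN ASSIGNED **` tag implies that no vendor fix is expected, and the record carries no mitigation text for operators who still run the affected versions.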


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3571",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Fannuo Enterprise Content Management System \u51e1\u8bfa\u4f01\u4e1a\u7f51\u7ad9\u7ba1\u7406\u7cfb\u7edf 1.1/4.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/cms_chip.php. The manipulation of the argument del leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In Fannuo Enterprise Content Management System \u51e1\u8bfa\u4f01\u4e1a\u7f51\u7ad9\u7ba1\u7406\u7cfb\u7edf 1.1/4.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei admin/cms_chip.php. Dank der Manipulation des Arguments del mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fannuo",
"product": {
"product_data": [
{
"product_name": "Enterprise Content Management System \u51e1\u8bfa\u4f01\u4e1a\u7f51\u7ad9\u7ba1\u7406\u7cfb\u7edf",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1"
},
{
"version_affected": "=",
"version_value": "4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.304612",
"refsource": "MISC",
"name": "https://vuldb.com/?id.304612"
},
{
"url": "https://vuldb.com/?ctiid.304612",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.304612"
},
{
"url": "https://vuldb.com/?submit.549927",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.549927"
},
{
"url": "https://wiki.shikangsi.com/post/share/c46c50d3-c8d7-46a0-9fed-8d79a64abb44",
"refsource": "MISC",
"name": "https://wiki.shikangsi.com/post/share/c46c50d3-c8d7-46a0-9fed-8d79a64abb44"
}
]
},
"credits": [
{
"lang": "en",
"value": "XingYue_Mstir (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
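Review bot: The English and German descriptions call the issue critical (`declared as critical`, `als kritisch eingestuft`), but every entry in `impact.cvss` scores it 6.3 or 6.5, with `"baseSeverity": "MEDIUM"` on the 3.x entries, and the vectors require an authenticated attacker (`PR:L`, `Au:S`). Consumers that triage on the prose will rank this differently from those that triage on the score, so the text should agree with the vector, for example `It has been rated as medium severity.` The two `problemtype_data` entries also list CWE-89 together with its ancestor CWE-74; the more specific CWE-89 alone would be enough.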


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3598",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}